Date: Fri, 9 Jul 2010 07:25:08 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: LM and NTLM C/R cracking

Hi,

Here's an example of how LM and NTLM challenge/response pairs may be
processed with John the Ripper with the jumbo patch applied, using
sample C/R pairs from this recent blog post:
http://carnal0wnage.attackresearch.com/node/427
http://carnal0wnage.blogspot.com/2010/07/revisiting-halflm-stuff.html

I formatted the input file as follows:

ADMIN:::59DE5D885E583167C3A9A92AC42C0AE52F85252CC731BB25:5ADA49D539BD174E7049805DC1004925E25130C33DBE892A:1122334455667788
ADMIN:::40305B22075D6000D0508D9AD1F7BEB02F85252CC731BB25:337C939E66480243D1833309B8AFE49A81FE4C5E646BF00A:1122334455667788
ADMIN:::DAF3570C10ED2817C3D8A05D69F9EF292F85252CC731BB25:D3FB390BAC5D152F7A394466FBEF686E275D05B99C0A115E:1122334455667788
ADMIN:::76365E2D142B5612980C67D057EB9EFEEE5EF6EB6FF6E04D:727B4E35F947129EA52B9CDEDAE86934BB23EF89F50FC595:1122334455667788
ADMIN:::D737AA8F95CE38359CAB5D8A2519C4B92F85252CC731BB25:0624A3F7D457C54B163C641DBF4B7963548EF1C5D0397CBF:1122334455667788
ADMIN:::0E89A68D07E315C6035E82B757B955882F85252CC731BB25:58F2D720179B4A38A0523E02AEF0D41DACCCD6577EAA943C:1122334455667788
ADMIN:::AA9436C1D40CB53F3E7A20091C4B931C2F85252CC731BB25:8AC45ACDBD60F2FAD3081ECF005536EFA6009C21CA5FAF36:1122334455667788
ADMIN:::DCE867F0CB638DB2DBCC3576A52DC4612F85252CC731BB25:8990B33DAC65C5EF75073829894B911A983C1E260FBD1097:1122334455667788
ADMIN:::6F9D851D74C8A095C9DF672A1554BEBC2F85252CC731BB25:89953DE6F957B7DB5FE664D23AF3DE41DD38F5EC0A4A6EB0:1122334455667788
ADMIN:::CC96CC93B4DC9B7582273227FD61A5952F85252CC731BB25:76D3C3DEB0BB8EF1A1E41AB6A3F6C686A321CE016C624567:1122334455667788
ADMIN:::CC96CC93B4DC9B754DB66776827758D30B7892EEF2E3F2BC:DF58AE0F786BECC11BE11034DC53B21BDF1D73579AF868D1:1122334455667788
ADMIN:::DE5D1D85DAF6593D0A09FF32049013AB2F85252CC731BB25:526471D8C4A0ECC8AF05851804EA8FDD26848FA3CCC63152:1122334455667788
ADMIN:::B8489EDEE1058B43F3CE0F0ABE5A16872F85252CC731BB25:57B9C47A75335692F60E787E41CD16A292A21BC667B3FD02:1122334455667788
ADMIN:::2B6B134AF8D48F2A972BFF5660420D582F85252CC731BB25:5018402148E15A8D77CB22DD46F1449A2791416B73EE9C3D:1122334455667788
ADMIN:::BB49AEFD51ED0DCCD5BE291BD33BE3052F85252CC731BB25:C9B255750BD88AC72E03ADAFDA261E62618C943F7D59DAF5:1122334455667788

First, attack the "NETLM" "hashes" (case insensitive):

host!solar:~/john/john-1.7.6-jumbo-4/run$ ./john --format=netlm pw-netntlm
Loaded 15 password hashes with no different salts (LM C/R DES [netlm])
ADMIN (ADMIN)
PASSWORD (ADMIN)
1234 (ADMIN)
123 (ADMIN)
ASDFGH (ADMIN)
1 (ADMIN)
000000 (ADMIN)
00000000 (ADMIN)
guesses: 8 time: 0:00:00:01 (3) c/s: 1306K trying: BETEMOR
12 (ADMIN)
ROOT (ADMIN)
guesses: 10 time: 0:00:00:04 (3) c/s: 1994K trying: MELACCT
00 (ADMIN)
0000 (ADMIN)
guesses: 12 time: 0:00:00:07 (3) c/s: 1920K trying: KH6869
000 (ADMIN)
0000000 (ADMIN)
guesses: 14 time: 0:00:00:19 (3) c/s: 1281K trying: CESKET1

Now let's try "NETNTLM" (case sensitive):

host!solar:~/john/john-1.7.6-jumbo-4/run$ ./john --format=netntlm pw-netntlm
Loaded 15 password hashes with no different salts (NTLMv1 C/R MD4 DES [netntlm])
ADMIN (ADMIN)
password (ADMIN)
1234 (ADMIN)
123 (ADMIN)
asdfgh (ADMIN)
1 (ADMIN)
000000 (ADMIN)
00000000 (ADMIN)
guesses: 8 time: 0:00:00:01 (3) c/s: 1306K trying: sadie
12 (ADMIN)
root (ADMIN)
guesses: 10 time: 0:00:00:03 (3) c/s: 2371K trying: phdigh
0000 (ADMIN)
00 (ADMIN)
guesses: 12 time: 0:00:00:06 (3) c/s: 2296K trying: rh3gap
000 (ADMIN)
guesses: 13 time: 0:00:00:09 (3) c/s: 2033K trying: gte2g
0000000 (ADMIN)
guesses: 14 time: 0:00:00:19 (3) c/s: 1626K trying: mbblum

As you can see, either gets to 8 guesses in 1 second, and to 14 (out of
15 total) in under 19 seconds (the status line was displayed when I
pressed a key; the actual guess occurred a bit earlier). It is also
possible to go from known case insensitive passwords (cracked from NETLM
hashes) to "crack the case" (from the NETNTLM hashes) nearly instantly,
but this was not required in this case (we got to the same 14 hashes
cracked quickly with a direct attack on NETNTLM as well). All of this
was with JtR's default settings.

Rainbow tables may be hot, but other approaches are viable as well,
especially when the number of hashes or C/R's to audit is large (with
rainbow tables, the attack time is per-hash, but with JtR the attack is
against all hashes at once).

I hope someone will find this helpful.

Alexander