Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Fri, 11 Nov 2011 21:46:23 -0500
From: Philippe Ouellet <pplouellet@...il.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: NTLM challenge/response cracking (again...)

I've had issues with captured challenge response hashes. Here is some additional info that helped me with formatting. http://www.foofus.net/?page_id=63

On 2011-11-11, at 5:16 PM, rootkit rootkit <rootkit77@...il.com> wrote:

> On Fri, Nov 11, 2011 at 6:29 PM, magnum <john.magnum@...hmail.com> wrote:
> 
>>> Information on this topic are very difficult to find. At the beginning
>>> I was thinking about generating rainbow tables for each different
>>> CHALLENGE, but that would be really too much.
>> 
>> It would miss the whole point of rainbow tables. In short, if you do not
>> already have the tables, cracking with JtR will be quicker.
> 
> True. At the time I didn't know john could crack it (or better, I
> didn't know I needed the jumbo patch).
> 
>>> However there's something I don't understand: does the NETLM cracking
>>> work only if the challenge is 1122334455667788? Would it work for any
>>> challenge?
>> 
>> JtR works for any challenge. That particular challenge stems from some
>> old public attacks where the challenge was forced to this value, thereby
>> making the salt (challenge) "worthless".
> 
> That was more or less my guess, thanks for confirming.
> 
>> And, because of this, I'm
>> pretty sure there are rainbow tables for that very challenge.
> 
> Yes, I have seen some around.
> 
>> Like Solar said, post some example hashes. It should work if you do it
>> right - at least if you run JtR version 1.7.7-jumbo-5 or newer. Earlier
>> versions had a variety of shortcomings and was also substantially slower
>> for these hashes.
> 
> Done in the other post.
> Thanks for your answer magnum.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ