Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 21 Sep 2015 09:05:10 +0200
From: patpro@...pro.net
To: john-users@...ts.openwall.com
Subject: Re: best setup to crack format nt or nt2

Hi Rich,

On 21 sept. 2015, at 01:07, Rich Rumble <richrumble@...il.com> wrote:

> On Sun, Sep 20, 2015 at 4:35 PM, Patrick Proniewski <patpro@...pro.net> wrote:
>> I'm going to dump Active Directory accounts (2008 R2), convert to some kind of GECOS format and launch John on the resulting file.
> http://openwall.info/wiki/john/hash-formats
> username:nt_hash_here is a very simple format, but using the usernames
> as a dictionary can be beneficial, you should try -single crack mode
> first, it should use the username's (and if you put any thing
> "artifically" in a GECOS field).

That's what I had in mind. I've already done this kind of exercise with LDIF export of our main LDAP directory, feeding GECOS fields with available data. I'm not proficient with Windows techno, but it seems I wont be able to recover full name/first name from the AD dump that easily.


>> I've made some tests already: LM hash is unused, the other hash is recognized as nt and nt2. Is there any difference between those too formats? Apparently, I can use either --format=nt or --format=nt2 with same results.
> http://www.openwall.com/lists/john-users/2012/11/15/12

Thank you, I'll make some benches on the final CPU then.


>> I would like to run John for 24 hours on a decommissioned blade server, so I got 8 cpu cores, and lots of RAM, no GPU at all. What would be the best way to use most of this hardware? If I'm not mistaken, nt/nt2 can't get OpenMP benefits, so I could have to split the password file into 8 chunks, or use fork, or any other parallelism setup.
> NT is "fast", and as of now OpenMP will not be of benefit for this format,
> http://openwall.info/wiki/john/parallelization
> Fork will however will help reduce the work by 8 :)  Have a look at
> this cheat sheet for attacks you may want to try:
> https://countuponsecurity.files.wordpress.com/2015/06/jtr-cheat-sheet.pdf
> Or my article here:
> https://xinn.org/blog/JtR-AD-Password-Auditing.html (needs updating a
> bit, fork is fixed now)

Very nice, thank you!

Patrick

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.