Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 25 Oct 2012 10:11:39 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: lm2ntlm

On 2012-10-24 17:17, Solar Designer wrote:
> On Wed, Oct 24, 2012 at 05:13:02PM +0400, Solar Designer wrote:
>> "--loopback" is not in core JtR, it is a fairly recent addition to jumbo -
>> in fact, I did not recall it when writing my previous reply.  I think it
>> addresses the issue with colons.  So I think things are pretty good as-is,
>> except that maybe we need to write a tutorial or something.
> 
> Oh, things are not so good: I totally forgot that --loopback does not
> combine LM hash halves (indeed, it does not have/know the input password
> file to do so).  So we're back to the approach with "cut", and this has
> the colon problem.  A solution may be to enhance --show so that we could
> tell it to output first two fields only (then we'll use "cut -f2-").
> Another solution may be to get some LM2NT functionality into JtR proper.
> 
> http://www.room362.com/blog/2012/10/24/lm2ntlm-with-john-the-ripper.html

Another thing that -loopback can't do is the two-way codepage conversion
needed for non-ascii passwords when you go from LM to NT. You have an
excellent opportunity to crack 8-bit passwords like José123 or müller456
with LM. With some knowledge of what OEM codepage was used (or
trial'n'error), you can include eg. iconv(1) in the pipe chain and
supply --encoding to the second instance of JtR, eg:

john -show pwfile | cut -d: -f2 | iconv -f cp437 -c -t cp1252 | john
-pipe -enc:cp1252 -rules:nt -format=nt pwfile

john -show pwfile | cut -d: -f2 | iconv -f cp858 -c -t iso-8859-15 |
john -pipe -enc:iso-8859-15 -rules:nt -format=nt pwfile

john -show pwfile | cut -d: -f2 | iconv -f cp737 -c -t cp1253 | john
-pipe -enc:cp1253 -rules:nt -format=nt pwfile

john -show pwfile | cut -d: -f2 | iconv -f cp866 -c -t cp1251 | john
-pipe -enc:cp1251 -rules:nt -format=nt pwfile

This way, even passwords containing non-ascii letters will be
case-permuted correctly and cracked. Note that you can chose the second
codepage (cp1252 in the first example) arbitrarily, it just has to be
able to represent the characters from the source (the real characters,
not just the byte values). And it can't be UTF-8 because only legacy
codepages have full support for case-toggling in the rules engine
(currently).

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.