Date: Sun, 15 May 2005 07:39:11 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: LANMAN and NT Hash ?s...basic I wrote: > 0. In params.h, increase RULE_RANGES_MAX from 8 to at least 14 and > re-compile. (I probably need to change this default.) I've now increased the default RULE_RANGES_MAX to 16 for 188.8.131.52+. > 3. Create this section anew: > > [List.Rules:Wordlist] > : > lMT[*0]T[*1]T[*2]T[*3]T[*4]T[*5]T[*6]T[*7]T[*8]T[*9]T[*A]T[*B]T[*C]T[*D]Q This was slightly buggy, here's what went into 184.108.40.206 instead: # Case toggler for cracking MD4-based NTLM hashes (with the contributed # patch), given already cracked DES-based LM hashes. # Rename this section to [List.Rules:Wordlist] to activate it. [List.Rules:NT] l lMT[*0]T[*1]T[*2]T[*3]T[*4]T[*5]T[*6]T[*7]T[*8]T[*9]T[*A]T[*B]T[*C]T[*D]Q > 4. Crack your NT hashes with these invocations of John: > > john -show pwfile | cut -d: -f2 > ntlm.lst > john -w=ntlm.lst -rules pwfile This had a minor omission, it should be: john -show pwfile | cut -d: -f2 > lm.lst john -w=lm.lst -rules -format=nt pwfile Now this is actually tested and it works. The first command may be enhanced to produce a more optimal "wordlist" by eliminating duplicates, empty and not fully cracked passwords, and the trailing status line. -- Alexander Peslyak <solar at openwall.com> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.