Date: Sat, 18 Feb 2006 19:25:33 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: john for windows On Sat, Feb 18, 2006 at 12:53:51PM +0100, thomas springer wrote: > After cracking a users complete lmhash, invoke another thread or > process and crack the ntlm-hash as well to get the "real" > case-sensitive password, spitting them out or saving them in an easy > to use format like the one used with john -show. Since there aren't > too many possible combinations of the lm-hash, a potential patch won't > need to invoke a complete second jtr-process for cracking the > ntlm-hash, a simple bruteforce-des should do this job fine and won't > slow down the cracking-process substantially. (This has nothing to do with DES. NTLM hashes are MD4-based.) JtR 1.7 includes a hack to implement that in the default john.conf: # Case toggler for cracking MD4-based NTLM hashes (with the contributed # patch), given already cracked DES-based LM hashes. # Rename this section to [List.Rules:Wordlist] to activate it. [List.Rules:NT] l lMT[*0]T[*1]T[*2]T[*3]T[*4]T[*5]T[*6]T[*7]T[*8]T[*9]T[*A]T[*B]T[*C]T[*D]Q So you need to rename the section as the comment says, then run: john -show pwfile | cut -d: -f2 > cracked john -w=cracked -rules -format=nt pwfile Obviously, you need Cygwin installed - or do this on a Unix system - for "cut". -- Alexander Peslyak <solar at openwall.com> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments Was I helpful? Please give your feedback here: http://rate.affero.net/solar
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.