Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Fri, 24 Mar 2006 19:51:13 +0300
From: Solar Designer <>
Subject: Re: does john crack xp passwords correctly?

I wrote:
> So you need to rename the section as the comment says,

referring to [List.Rules:NT] in the default john.conf with 1.7+

> then run:
> john -show pwfile | cut -d: -f2- > cracked
> john -w=cracked -rules -format=nt pwfile
> The "-format=nt" requires an NTLM-patched build of John.

I got this example slightly wrong.  The "cut" command should use "-f2",
not "-f2-".  By passing the second dash, I intended to catch passwords
with embedded colons, but I forgot that there are more colon-separated
fields in the "-show" output.  So the commands to use would be:

john -show pwfile | cut -d: -f2 > cracked
john -w=cracked -rules -format=nt pwfile
john -show -format=nt pwfile

I have actually tested these with a file containing both LM and NTLM
hashes and this approach works just fine.

One known problem with it is that it'll fail for passwords containing

Alexander Peslyak <solar at>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598 - bringing security into open computing environments

Was I helpful?  Please give your feedback here:
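
Added example, not part of the original message: the difference between "-f2-" and "-f2" on "-show" style output, plus a variant that keeps the blank and summary lines out of the wordlist. The sample lines, user names, passwords, hash placeholders and the wordlist_from_show helper are constructed for illustration; the line layout is assumed to be login:password followed by the remaining pwdump fields.

```shell
#!/bin/sh
# Constructed stand-in for "john -show pwfile" output (no real hashes).
# carol's password is constructed to contain an embedded colon.
sample_show_output() {
cat <<'EOF'
alice:WINTER06:1001:LMHASH_PLACEHOLDER:NTHASH_PLACEHOLDER:::
bob:SECRET:1002:LMHASH_PLACEHOLDER:NTHASH_PLACEHOLDER:::
carol:PA:SS:1003:LMHASH_PLACEHOLDER:NTHASH_PLACEHOLDER:::

3 password hashes cracked, 0 left
EOF
}

# First version of the command: field 2 and everything after it,
# so the uid and hash fields end up glued to each candidate word.
fields_2_onward() { cut -d: -f2-; }

# Corrected version from the message: field 2 only.
# Lines without a colon (blank line, summary) pass through unchanged,
# and a password with an embedded colon is cut at that colon.
field_2_only() { cut -d: -f2; }

# Hypothetical variant (an assumption, not from the message):
# -s suppresses lines that contain no delimiter, sort -u removes duplicates.
wordlist_from_show() { cut -s -d: -f2 | sort -u; }

# Print the cleaned wordlist for the constructed sample.
sample_show_output | wordlist_from_show
```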
