Date: Fri, 24 Mar 2006 19:51:13 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: does john crack xp passwords correctly? I wrote: > So you need to rename the section as the comment says, referring to [List.Rules:NT] in the default john.conf with 1.7+ > then run: > john -show pwfile | cut -d: -f2- > cracked > john -w=cracked -rules -format=nt pwfile > > The "-format=nt" requires an NTLM-patched build of John. I got this example slightly wrong. The "cut" command should use "-f2", not "-f2-". By passing the second dash, I intended to catch passwords with embedded colons, but I forgot that there are more colon-separated fields in the "-show" output. So the commands to use would be: john -show pwfile | cut -d: -f2 > cracked john -w=cracked -rules -format=nt pwfile john -show -format=nt pwfile I have actually tested these with a file containing both LM and NTLM hashes and this approach works just fine. One known problem with it is that it'll fail for passwords containing colons. -- Alexander Peslyak <solar at openwall.com> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments Was I helpful? Please give your feedback here: http://rate.affero.net/solar
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.