Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <OFF420A93C.E3B2A6E6-ON85257258.004B524D-85257258.004BA2CE@sungard.com>
Date: Wed, 3 Jan 2007 08:46:16 -0500
From: Chris.McGinley@...gard.com
To: john-users@...ts.openwall.com
Subject: Re: pwdump2 and JtR - problem with syntax in running JtR and
 displaying passwords

Hviti,

Based on the hashes you provided -

Admin:500:aad3b435b...:12ed...:::
Account:1010:aad3b435...:d76...:::

The first hash that I see, starting with aad3b... looks to be a NO 
PASSWORD situation meaning that the storage of LAN Manager hashes is 
probably disabled in the security template for the system. You need to 
specify the correct format to john like so:

john -format:NT passwords.txt

Keep in mind, this format is case sensitive and will take longer to crack 
than a LAN Manager hash.

-Chris




Hviti/Spaki <fkhviti@...oo.com> 
01/03/2007 02:06 AM
Please respond to
john-users@...ts.openwall.com


To
john-users@...ts.openwall.com
cc

Subject
[john-users] pwdump2 and JtR - problem with syntax in running JtR and 
displaying passwords






Hi,

I'm having problems using pwdump2 and JtR on an account with admin rights 
on a WinXP computer and would appreciate it if anyone could help.

I downloaded both programs and unzipped them to C, opened the command 
prompt then:

typed in "cd C:\pwdump2", hit return
typed in "pwdump2.exe", hit return

saw a list like -
Admin:500:aad3b435b...:12ed...:::
Account:1010:aad3b435...:d76...:::

at C:\pwdump2> I typed in "pwdump2 > passwords.txt"
copied that file from the pwdump2 folder to the folder C:\john1701\run

went back to the command prompt and typed in "cd C:\john1701\run"
at C:\john1701\run> typed in "john-386.exe passwords.txt"

saw a list like-
Loaded 8 password hashes with no different salts (NT LM DES [32/32 BS])
        <Admin>
        <Account>
guesses: 8  time: 0:00:00:00:00 100% (2) c/s 1127K trying 12345 - MUSTANG

Since this didn't display any passwords, I tried deleting
the files and starting over again, but after:

went back to the command prompt and typed in "cd C:\john1701\run"
at C:\john1701\run> typed in "john-386.exe -i:all passwords.txt"

and got-
Loaded 1 password hash (NT LM DES [32/32 BS])
Warning: MaxLen = 8 is too large for the current hash type, reduced to 7
Warning: mixed-case charset, but the current hash type is 
case-insensitive;
some candidate passwords may be unnecessarily tried more than once.
        <Admin>
guesses: 1  time: 0:00:00:00:00 c/s 3276 trying: 2100 - SPACY

I then tried repeating the process with:
"john-386.exe -i passwords.txt"

and got-
Loaded 1 passwords hash (NT LM DES [32/32 BS])
        <Admin>
guesses: 1  time: 0:00:00:00:00 c/s 7952 trying: SERO - SPARS

I've been fiddling around with it for a bit and tried reading the FAQ and 
some other stuff on the net and am still rather confused and would 
appreciate any clarafication possible.

Thanks for the time

 __________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.