Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 07 Mar 2007 12:03:42 +0100
From: Antares <antares@....ch>
To: john-users@...ts.openwall.com
Subject: Re: LM an NTLM combination

It all worked great so far! Thanks again.
For me it remains a small uncertainty in understanding the work of john 
(in the word list mode, with the altered rule set, as described in the 
reference which you mentioned.):
Let's assume an empty john directory, which NTLM patch applied, confile 
adjustet to NT world list rules, and a word list with the capitalized 
case insensitive passwords from a LM hash run.
I would (naively) expect that John would run one word by another (from 
word list)  applying  the  (new) rule set, hence finding the right case 
for each password.
That leads me to the assumption that John would find "all" possible 
combinations during the first run.

My first run found i.e. 1459 guesses (in 1 min, 10s)
Invoking the very same command again (using by bash history) found 
another 65 guesses (in 1 min, 11s)

How is that possible? Times are almost the same, by coincident?

kind regards
antares


btw. i don't want to bother you ;) if you have no time for this, let me 
know, i'll post it then to the list...


Solar Designer schrieb:
> On Sun, Mar 04, 2007 at 03:00:58PM +0100, Antares wrote:
>   
>> My Question is, how can I make the best use of the already known LM
>> passwords. Do I need to make a wordlist out of the pot file on the
>> windows box and specify special rules in order to try only "case
>> combinations"?
>>     
>
> Frank has already provided an answer (thanks!) but I wanted to post a
> more recent reference for JtR 1.7.x:
>
> 	http://www.openwall.com/lists/john-users/2006/07/08/2
>
>   
>> Or would john take into account (or disregard completely) available LM
>> passwords in a pot file, if invoked with --format=NT ?
>>     
>
> Unfortunately, John disregards the already cracked LM hashes when you
> invoke it to crack your NTLM hashes, unless you follow the procedure
> outlined in the posting referenced above.
>
>   
>> Or is maybe my expectation wrong, that it is less time consuming to
>> first crack the LM hashes and then use this input to crack the NTLM
>> hashes, instead of starting directly on the NTLM hashes?
>>     
>
> Your expectation is correct.  This is the way to go when hashes of both
> types are available.
>
>   


-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.