Date: Wed, 27 Jun 2007 23:32:19 +0200
From: Dirk Wetter <>
Subject: Re: Best Windows Password Cracking Method


just use rainbow tables for this.


On 27.06.2007 23:05, Brian Smith wrote:
> Hello all. 
> I am working on cracking the LM hashes that I have dumped from several Windows servers as part of a penetration test and would like to see if I am using the best method.  I have already cracked one 14 character password from this file and am assuming that the password that I'm working on is also 14 characters.  Here is my progress so far:
> 1. Grabbed the local administrator hash from 3 separate servers using various exploits.  The hash is identical in each instance, so the passwords are the same.
> 2. I have the large password list from Openwall and have already run this against the hashes, along with letting it brute force for 5 days at roughly 3,100K c/s.
> 3. I obtained the first part of the hash which contains letters, numbers, and a '.'.
> 4. Using this information, I have settled on the following approach to finish my cracking
>     a. Using the incremental crack mode 'alnum', I added the extra characters "!@$.' with the Extras = command in the john.conf
>     b. I have increased the total number of characters to 40 and specified a min and max length of 7 in the john.conf for the alnum set
>     c. I have repeated 'b' on another machine and specified a min and max of 6.
> 5. I have calculated that for the 7 length, it should take roughly 14 hours for the total set.  Is this correct?
> 6. If this does not yield results, is there a good way to add extra characters to my already modified alnum set?  Will John remember what it already tried and only try new combinations?
> Please let me know if you see any flaws in my approach or if anyone has any suggested improvements.
> Thanks
> Brian

Dirk Wetter @ Dr. Wetter IT Consulting
IT Security Consulting + Open Source
Key fingerprint = 2AD6 BE0F 9863 C82D 21B3  64E5 C967 34D8 11B7 C62F

Found core file older than 7 days: /usr/share/man/man5/core.5.gz
