Date: Tue, 13 Nov 2007 21:12:09 -0600
From: jmk <jmk@...fus.net>
To: john-users@...ts.openwall.com
Subject: Re: advice requested about NTLMv1 implementation

On Tue, 2007-11-13 at 09:54 +0100, Simon Marechal wrote:
> Hello,
> 
> 	As most people know, it's quite easy, once you have a valid account on a 
> Windows computer (not Vista), to retrieve an NTLMv1 response to an 
> arbitrary challenge. This makes it quite useful when looking for a valid 
> user password.
> 
> 	This response is made of 3 chunks, based on the LM hash (which is made 
> of 2 chunks). The dependency is:
> 
> C/R		LM
> 1st chunk	first 7 bytes of the first LM chunk
> 2nd chunk	last byte of 1st LM chunk and first 6 bytes of 2nd chunk
> 3rd chunk	last 2 bytes of the second LM chunk
> 
> It should be clear here that there are only 2^16 3rd chunks for a given 
> challenge. Getting the last 2 bytes of the 2nd chunk's LM hash is thus 
> quite fast. In the same way, once you know the 2nd LM chunk, it's quite 
> easy to retrieve the last byte of the 1st.
> 
> 	It thus makes sense to only compute the LM hash, and do the full 
> computation on passwords whose last bytes match (with a false positive 
> rate of 1/2^16 and 1/2^8 for the 2nd and 1st chunk).
> 
> 	It's straightforward to alter the LM cipher to crack either the last 
> chunk or the first chunk, but I can't see a smart way to attack both in 
> the same cipher, as the split() function would retrieve chunks that are 
> computed differently. Would someone have any good advice on that?

I don't have any good advice for you on this specifically. ;)

At the risk of pointing out the obvious, have you seen the basic
implementation of LMv1/NTLMv1 posted here:

http://openwall.com/john/contrib/john-1.7.0.2-netlm-netntlm-jmk-3.diff.gz
http://openwall.com/john/contrib/john-1.7.2-all-8.diff.gz

I've found coupling LMv1 (1st chunk) Rainbow Table look-ups with NTLMv1
brute-force guessing to be relatively quick for cracking a user's
password.

Joe
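To make the chunk dependency in Simon's table concrete, here is an added Go example (not code from the thread, from John the Ripper, or from the patches linked above) that implements the LMv1/NTLMv1 response computation with the standard library's crypto/des and checks, for each 8-byte response chunk, which bytes of the 16-byte hash it actually depends on. The hash is the well-known NT hash of "Password" and the challenge is the sample value 0123456789abcdef; the function and variable names are my own.

```go
package main

import (
	"bytes"
	"crypto/des"
)

// NT hash of "Password" and the challenge 0x0123456789abcdef from MS-NLMP's NTLMv1 example.
var ntHash = []byte{0xa4, 0xf4, 0x9c, 0x40, 0x65, 0x10, 0xbd, 0xca, 0xb6, 0x82, 0x4e, 0xe7, 0xc3, 0x0f, 0xd8, 0x52}
var serverChallenge = []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}

// desKeyFrom7 spreads 7 key bytes over 8, leaving the low (parity) bit of
// each byte clear; crypto/des ignores parity, so that is sufficient.
func desKeyFrom7(k []byte) []byte {
	out := make([]byte, 8)
	out[0] = k[0] & 0xfe
	for i := 1; i < 7; i++ {
		out[i] = (k[i-1]<<(8-uint(i)) | k[i]>>uint(i)) & 0xfe
	}
	out[7] = k[6] << 1
	return out
}

// ntlmv1Response pads the 16-byte LM or NT hash with five zero bytes, splits
// the 21 bytes into three 7-byte DES keys and encrypts the challenge under
// each. Key 3 is hash[14:16] plus zeros, so only 2^16 third chunks exist.
func ntlmv1Response(hash, challenge []byte) []byte {
	if len(hash) != 16 || len(challenge) != 8 {
		panic("need a 16-byte hash and an 8-byte challenge")
	}
	padded := make([]byte, 21)
	copy(padded, hash)
	resp := make([]byte, 24)
	for i := 0; i < 3; i++ {
		c, _ := des.NewCipher(desKeyFrom7(padded[7*i : 7*i+7])) // 8-byte key: no error
		c.Encrypt(resp[8*i:8*i+8], challenge)
	}
	return resp
}

// chunkDependsOnlyOn: is response chunk i (0-based) unchanged when every hash byte outside hash[lo:hi] is flipped?
func chunkDependsOnlyOn(i, lo, hi int, hash, challenge []byte) bool {
	altered := make([]byte, 16)
	for j := range altered {
		altered[j] = hash[j] ^ 0xff // change every byte ...
	}
	copy(altered[lo:hi], hash[lo:hi]) // ... except the range under test
	other := ntlmv1Response(altered, challenge)
	return bytes.Equal(ntlmv1Response(hash, challenge)[8*i:8*i+8], other[8*i:8*i+8])
}
```

Because the third chunk is a function of only two hash bytes and the challenge, an attacker who can fix the challenge can precompute responses independently of password strength, which is why the usual mitigation is to disable NTLMv1 through the LAN Manager authentication level policy rather than to rely on stronger passwords.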