Date: Tue, 05 Feb 2008 14:31:39 -0600
From: jmk <>
Subject: Re: LM response bytes 8-16 cracking - standalone
	program based on JtR

On Tue, 2008-02-05 at 18:36 +0530, Dhirendra Singh Kholia wrote:
> Hi All,
> The attached program (still a PoC) cracks bytes 8-16 of
> an LM response. (I discussed the idea behind it in the nethalflm patch post).
> In case of attachment issues please get it from:
> It needs a lot of work to be really usable but the basic idea is implemented.
> Also I couldn't figure out how to make it a patch to JtR, hence I had to make
> it standalone.
> Please do test and improve. Also can somebody please combine it with
> the nethalflm patch? (at least give some ideas) :-)

FWIW, I went a somewhat different direction on this issue. I've been
using "HalfLM" Rainbow Tables to crack the first seven case-insensitive
characters of the user's password. If the password is greater than seven
characters, I use a custom JtR external filter to brute the remaining
piece. The resultant value is then retested using the NetNTLM algorithm
to determine the correct character case.

I've hacked together a Perl script to tie these steps together. It's not
pretty and will probably require modifications for other environments,
but people are welcome to it:

