Date: Sun, 20 Dec 2009 15:23:44 -0500
From: "madfran" <madfran@...-ezine.org>
To: john-users@...ts.openwall.com
Subject: Re: JTR and format NTLM

>>>From two different ways I always arrive at the same result.
>>
>>What two different ways, specifically?
>>
>> Administrator:500:AAD3B435B51404EEAAD3B435B51404EE:
>> A82FF8E15A18E4E73399D231E9B32157F:::
>>
>This has LM hash of an empty string (which usually indicates that LM
>hashes are disabled). Then, instead of the NTLM hash, which would
>normally be represented with 32 hex digits, you have some other string
>of 33 hex digits. My guess is that it has to do with your "two
>different ways" - e.g., maybe you used some program that obfuscates
>password hashes that it dumps, maybe for use with some specific tool or
>online service.

ok. lc3 says that LM password is empty, but in fact doesn't work.

>I suggest that you try pwdump6:
>
>http://xxx.foofus.net/~fizzgig/pwdump/
>http://www.openwall.com/passwords/microsoft-windows-nt-2000-xp-2003-vista#pwdump

Difficult to do.
Symantec antivirus detects the original pwdump as a virus.
I don't want to disable it because I have had some problems in the past.

>Please don't forget to let the list know how you obtained this broken
>NTLM hash, and what approach you ended up using instead.

First approach.
Old lc3 (l0phtcrack version 3)
As I already explained, I have administrator's rights and I can use it.

Second approach.
-Start the laptop from a USB device with a Linux OS
-Download from my hard disc the following files,
  - system
  - SAM
-Start the laptop in the standard way (Windows XP)
-Extract the bootkey from "system" with the tool Bkhive
-Use samdump to extract the hash

Today's approach
-Download pwdump6-2.0.0
-The PwDumpDebug is not detected by Symantec!
-Extract the hash

Administrator:500:NO PASSWORD*********************:A82FF8E15A18E4E7399D231E9B32157F:::

madfran
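
The format check discussed in this message (an NTLM field must be exactly 32 hex digits; the LM field is either a hash, the empty-string LM hash, or a placeholder) can be automated before a dump is handed to a cracker. The following is an added example, not part of the original post or of John the Ripper; the function names are hypothetical, and the two sample lines are the Administrator entries from the message with the wrapped one joined onto a single line.

```python
import re

# LM hash of the empty string, as identified in the quoted reply.
EMPTY_LM = "AAD3B435B51404EEAAD3B435B51404EE"
HEX = re.compile(r"[0-9A-Fa-f]+")
# Starred placeholder seen in the pwdump6 output in the message.
PLACEHOLDER = re.compile(r"NO PASSWORD\*+")

# The two Administrator lines from the message, each on one line.
SAMPLES = [
    "Administrator:500:AAD3B435B51404EEAAD3B435B51404EE:A82FF8E15A18E4E73399D231E9B32157F:::",
    "Administrator:500:NO PASSWORD*********************:A82FF8E15A18E4E7399D231E9B32157F:::",
]


def check_field(name, value):
    """Return (hash or None, problems) for one LM/NTLM field."""
    if PLACEHOLDER.fullmatch(value):
        return None, []
    if not HEX.fullmatch(value):
        return None, [f"{name} hash is not hexadecimal"]
    if len(value) != 32:
        return None, [f"{name} hash has {len(value)} hex digits, expected 32"]
    return value.upper(), []


def check_pwdump_line(line):
    """Parse one user:rid:LM:NTLM::: line and list its format problems."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        return {"user": None, "problems": ["fewer than 4 colon-separated fields"]}
    user, rid, lm_raw, nt_raw = fields[:4]
    problems = [] if rid.isdigit() else ["RID is not numeric"]
    lm, lm_problems = check_field("LM", lm_raw)
    nt, nt_problems = check_field("NTLM", nt_raw)
    return {
        "user": user,
        "lm": lm,
        "nt": nt,
        # No usable LM hash: placeholder, or the hash of the empty string.
        "lm_empty": not lm_problems and lm in (None, EMPTY_LM),
        "problems": problems + lm_problems + nt_problems,
    }


if __name__ == "__main__":
    for sample in SAMPLES:
        result = check_pwdump_line(sample)
        print(result["user"], result["nt"], result["problems"] or "ok")
```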