Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 22 Dec 2009 16:37:38 -0500
From: "madfran" <>
Subject: Re: JTR and format NTLM


>> Today approach
>> -Download pwdump6-2.0.0
>> -The PwDumpDebug is not detected by Symantec!
>> -Extract the hash
>>  Administrator:500:NO 
>> PASSWORD*********************:A82FF8E15A18E4E7399D231E9B32157F:::
>Well, this has what looks like a valid NTLM hash.  Notice how it is 32
>hex digits, not 33.  JtR with the jumbo patch loads it just fine.

After the advise of "SL", I tried the Ophcrack approach with a LiveCD.
I always find the same hash,
and this hash is not detected by JtR v-1.7.3 with jumbo patch compiled 
under cygwin.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.