Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 13 Feb 2010 09:05:36 +0300
From: Solar Designer <>
Subject: Re: NTLM cracking

On Fri, Feb 12, 2010 at 03:41:58PM -0800, Anton wrote:
> (sorry about spamming).

You're not spamming, but your breaking of the thread was not great.  You
should have posted your follow-up message as a "reply" to your own post
instead.  Changing the Subject was OK and appropriate, but by using the
"reply" function you would have likely preserved the thread (due to the
In-Reply-To and/or References header).

For those reading the archives, the message I am replying to here was a
follow-up to:

> I have found what i needed in the first place, this article/response
> describes what i have to do to crack NTLM passwords:
> I quite happily ran this command: john -show pwfile | cut -d: -f2 > cracked


> However, im getting: Unknown ciphertext format name requested when i run:
>  john -w=cracked -rules -format=nt pwfile

The official JtR does not support NTLM hashes.  You need to apply the
jumbo patch or use an existing unofficial build made with the jumbo
patch already applied.  Such a build for Windows (as that's what you're
using) is currently linked from the JtR homepage:

" + jumbo patch revision 6 build for Win32 (2.1 MB) by Erik Winkler"

> Yes, i have done the following:
> In john.conf (or john.ini if you're running on Windows), rename the old
> [List.Rules:Wordlist] section to [List.Rules:Disabled] to deactivate it.
> Rename the [List.Rules:NT] section to [List.Rules:Wordlist].


IIRC, the need for using an unofficial build of JtR for this was
mentioned both in the old posting you referenced and in a comment in
john.conf right above the [List.Rules:NT] section.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.