Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 14 Apr 2010 12:41:33 -0500
From: jmk <>
Subject: Re: NTLMv2 Challenge/Response Cracking

On Tue, 2010-02-16 at 13:53 +0300, Solar Designer wrote:
> Maybe we should include more of your stuff into the jumbo patch -
> perhaps create a subdirectory under doc/ and place your patches to other
> tools in there, with a text file explaining their use along with JtR.
> What do you think?  If you agree, then can you please prepare a "patch"
> like this (to be applied on top of
> My concern is that right now your "formats" integrated into the jumbo
> patch are of little use on their own (or am I wrong?)  One has to obtain
> other stuff from your website and figure out how to use it along with
> jumbo-patched JtR.

I apologize for taking so long to respond to this.

I believe that the included formats (i.e. NetLM, NetNTLM, NetLMv2,
NetNTLMv2) are useful without any of my other scripts/patches. These
challenge/response pairs can be extracted from a variety of places
(Ettercap, CAIN, MetaSploit, Wireshark, etc.). They also relate to a
number of different protocols (SMB authentication, MSCHAP in
LEAP/EAP-PEAP/PPTP, etc.). That said, their use will probably be limited
to a small number of very focused penetration testers.

I've uploaded a patch and added a link on the Wiki to hopefully improve
what's currently there of mine. The patch adds some documentation
related to the challenge/response formats, attempts to address your
concerns with the script and includes a "--config" option for

I've also uploaded a minor tweak for the Oracle format. I found that
"john -format:oracle -show" wasn't returning the cracked passwords. This
should correct that issue.

Please let me know if this is what you had in mind.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.