Date: Wed, 14 Apr 2010 12:41:33 -0500
From: jmk <jmk@...fus.net>
To: john-users@...ts.openwall.com
Subject: Re: NTLMv2 Challenge/Response Cracking

On Tue, 2010-02-16 at 13:53 +0300, Solar Designer wrote:
> Maybe we should include more of your stuff into the jumbo patch -
> perhaps create a subdirectory under doc/ and place your patches to other
> tools in there, with a text file explaining their use along with JtR.
> What do you think? If you agree, then can you please prepare a "patch"
> like this (to be applied on top of 220.127.116.11-jumbo-3)?
>
> My concern is that right now your "formats" integrated into the jumbo
> patch are of little use on their own (or am I wrong?) One has to obtain
> other stuff from your website and figure out how to use it along with
> jumbo-patched JtR.

I apologize for taking so long to respond to this.

I believe that the included formats (i.e. NetLM, NetNTLM, NetLMv2,
NetNTLMv2) are useful without any of my other scripts/patches. These
challenge/response pairs can be extracted from a variety of places
(Ettercap, CAIN, MetaSploit, Wireshark, etc.). They also relate to a
number of different protocols (SMB authentication, MSCHAP in
LEAP/EAP-PEAP/PPTP, etc.). That said, their use will probably be limited
to a small number of very focused penetration testers.

I've uploaded a patch and added a link on the Wiki to hopefully improve
what's currently there of mine. The patch adds some documentation related
to the challenge/response formats, attempts to address your concerns with
the netntlm.pl script and includes a "--config" option for John.

I've also uploaded a minor tweak for the Oracle format. I found that
"john -format:oracle -show" wasn't returning the cracked passwords. This
should correct that issue.

Please let me know if this is what you had in mind.

Thanks,
Joe