Date: Fri, 11 Nov 2011 18:29:22 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: NTLM challenge/response cracking (again...)

2011-11-11 16:42, rootkit rootkit wrote:
> I have a few NTLM C/R proxy authentications sniffed with ettercap and
> I'm trying to crack them. They look like the usual:
>
> user:::LM:NTLM:CHALLENGE
>
> The challenge changes every time as this is just a sniff.
>
> Information on this topic is very difficult to find. At the beginning
> I was thinking about generating rainbow tables for each different
> CHALLENGE, but that would be really too much.

It would miss the whole point of rainbow tables. In short, if you do not
already have the tables, cracking with JtR will be quicker.

> However there's something I don't understand: does the NETLM cracking
> work only if the challenge is 1122334455667788? Would it work for any
> challenge?

JtR works for any challenge. That particular challenge stems from some old
public attacks where the challenge was forced to this value, thereby making
the salt (challenge) "worthless". And, because of this, I'm pretty sure there
are rainbow tables for that very challenge.

> I'm asking this because I tried to crack my own account (of which I
> know the password) using a dictionary with my password in it, and it
> didn't work. And it did not work with brute force either.

Like Solar said, post some example hashes. It should work if you do it right -
at least if you run JtR version 1.7.7-jumbo-5 or newer. Earlier versions had
a variety of shortcomings and were also substantially slower for these hashes.

magnum
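The exchange above turns on two points: the challenge in a NETLM (LM challenge/response) capture is a per-authentication salt, which is why per-challenge rainbow tables make no sense, and a dictionary attack that recomputes the response from each candidate password works for whatever challenge was sniffed. The following Go program is an added illustration written for this page, not code from John the Ripper or from anyone in the thread. It implements the LM hash and the 24-byte LM response with the standard library's crypto/des, parses a line in the "user:::LM:NTLM:CHALLENGE" layout the poster describes, and runs a wordlist against it. The challenge value, the user name, the wordlist and the all-zero placeholder in the NTLM response field are constructed for the example; the NTLM (NT hash based) response is not computed here.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// desKeyFrom7 spreads a 7-byte (56-bit) key over the 8 bytes DES expects.
// DES discards the low bit of every key byte (the parity slot), so the
// expansion only has to place the 56 key bits in the upper 7 bits of each byte.
func desKeyFrom7(k []byte) []byte {
	return []byte{
		k[0],
		k[0]<<7 | k[1]>>1,
		k[1]<<6 | k[2]>>2,
		k[2]<<5 | k[3]>>3,
		k[3]<<4 | k[4]>>4,
		k[4]<<3 | k[5]>>5,
		k[5]<<2 | k[6]>>6,
		k[6] << 1,
	}
}

// desEncrypt encrypts one 8-byte block under a 7-byte key.
func desEncrypt(key7, block []byte) []byte {
	c, err := des.NewCipher(desKeyFrom7(key7))
	if err != nil {
		panic(err) // only reachable with a wrong key length
	}
	out := make([]byte, 8)
	c.Encrypt(out, block)
	return out
}

// lmHash is the LAN Manager hash: upper-case the password, truncate or
// zero-pad to 14 bytes, and use each 7-byte half as a DES key to encrypt
// the constant "KGS!@#$%".
func lmHash(password string) []byte {
	p := []byte(strings.ToUpper(password))
	if len(p) > 14 {
		p = p[:14]
	}
	p = append(p, make([]byte, 14-len(p))...)
	magic := []byte("KGS!@#$%")
	return append(desEncrypt(p[:7], magic), desEncrypt(p[7:], magic)...)
}

// lmResponse is the LM challenge/response (JtR "netlm"): the 16-byte LM hash
// is zero-padded to 21 bytes, split into three 7-byte DES keys, and each key
// encrypts the 8-byte server challenge. Because the challenge enters every
// block, the same password gives a different response for every challenge.
func lmResponse(lmhash, challenge []byte) []byte {
	k := make([]byte, 21)
	copy(k, lmhash)
	resp := make([]byte, 0, 24)
	for i := 0; i < 21; i += 7 {
		resp = append(resp, desEncrypt(k[i:i+7], challenge)...)
	}
	return resp
}

// parseNetLM splits a "user:::LMRESP:NTRESP:CHALLENGE" line. The NTLM
// response field is validated only as present; it is not used here.
func parseNetLM(line string) (user string, lmResp, challenge []byte, err error) {
	f := strings.Split(strings.TrimSpace(line), ":")
	if len(f) != 6 {
		return "", nil, nil, fmt.Errorf("expected 6 colon-separated fields, got %d", len(f))
	}
	if lmResp, err = hex.DecodeString(f[3]); err != nil || len(lmResp) != 24 {
		return "", nil, nil, fmt.Errorf("bad LM response field %q", f[3])
	}
	if challenge, err = hex.DecodeString(f[5]); err != nil || len(challenge) != 8 {
		return "", nil, nil, fmt.Errorf("bad challenge field %q", f[5])
	}
	return f[0], lmResp, challenge, nil
}

// crackNetLM recomputes the LM response for every wordlist entry under the
// challenge taken from the capture, so it works for any challenge value.
func crackNetLM(line string, wordlist []string) (string, bool) {
	_, want, challenge, err := parseNetLM(line)
	if err != nil {
		return "", false
	}
	for _, w := range wordlist {
		if bytes.Equal(lmResponse(lmHash(w), challenge), want) {
			return w, true
		}
	}
	return "", false
}

// makeNetLMLine builds a capture line for a known password and challenge so
// the cracker can be exercised offline. The NTLM field is a constructed
// all-zero placeholder, not a real NTLM response.
func makeNetLMLine(user, password string, challenge []byte) string {
	resp := lmResponse(lmHash(password), challenge)
	return fmt.Sprintf("%s:::%s:%s:%s", user, hex.EncodeToString(resp),
		strings.Repeat("00", 24), hex.EncodeToString(challenge))
}

func main() {
	// Constructed sample: an arbitrary challenge, not the fixed 1122334455667788.
	challenge, _ := hex.DecodeString("a9c5f0e31b7d4268")
	line := makeNetLMLine("alice", "password", challenge)
	fmt.Println(line)
	pw, ok := crackNetLM(line, []string{"letmein", "secret", "password"})
	fmt.Println(pw, ok)
}
```

Running the program prints the constructed capture line and then recovers "password" from the three-word list. Swapping the challenge for 1122334455667788 changes the 48 hex digits of the LM response but not the outcome, which is the practical content of the reply: a precomputed table is bound to one challenge, while recomputation from candidates is not.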