Date: Sat, 12 Nov 2011 02:38:49 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: NTLM challenge/response cracking (again...) On Fri, Nov 11, 2011 at 11:09:37PM +0100, rootkit rootkit wrote: > Sure, here it is. I didn't change the password as it's just a testing > one. I won't include the username though, hope it's not important Actually, the username is important, because: > password: welcome103 > > username:::19448aa9bd58a2adb6e690256fae100d47456f959bb61fa1:e6b41f380a23789abedd5a701c1c32bd0101000000000000:d3c4518b1ae3f15a this Google web search: http://www.google.com/search?q=ntlm+0101000000000000 suggests that you have NTLMv2 here. In JtR's NETNTLMv2_fmt_plug.c you can see that test vectors do indeed include the username. So please try to format your sample according to those and include the right username and domain, then let john-users know what happens. Thanks, Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.