Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 12 Nov 2011 02:38:49 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: NTLM challenge/response cracking (again...)

On Fri, Nov 11, 2011 at 11:09:37PM +0100, rootkit rootkit wrote:
> Sure, here it is. I didn't change the password as it's just a testing
> one. I won't include the username though, hope it's not important

Actually, the username is important, because:

> password: welcome103
> 
> username:::19448aa9bd58a2adb6e690256fae100d47456f959bb61fa1:e6b41f380a23789abedd5a701c1c32bd0101000000000000:d3c4518b1ae3f15a

this Google web search:

http://www.google.com/search?q=ntlm+0101000000000000

suggests that you have NTLMv2 here.  In JtR's NETNTLMv2_fmt_plug.c you
can see that test vectors do indeed include the username.  So please try
to format your sample according to those and include the right username
and domain, then let john-users know what happens.

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.