Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 14 Jan 2014 09:15:47 -0500
From: Rob Fuller <jd.mubix@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking MSChap v2

@Rich I completely agree about WCE and Mimikatz, both are amazing tools and
clear text is great. However, both tools require coded execution and
administrator / SYSTEM access on a machine to do this. Gaining NetNTLMv1
hashes are MUCH easier to achieve using tools like Responder or other
WPAD/NBNS/LLMNR tools.

@magnum those are amazing speeds, are you saying that JtR jumbo already
does NetNTLMv1 => NTLM via DES hack/bypass/brute (not sure what the right
word is)

Finally, I totally agree the JtR is a "weak password finder". It's the same
answer I got from hashcat team (think it was Atom but it was a while ago I
ask (just re-asked in their channel yesterday as well). But honestly I have
no where else to go to ask for this. The JtR and Hashcat teams would be the
only people who could accomplish a feat like this for the public security
community.




--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org


On Tue, Jan 14, 2014 at 8:24 AM, Rich Rumble <richrumble@...il.com> wrote:

> On Tue, Jan 14, 2014 at 7:25 AM, Richard B. Tilley <brad@....us> wrote:
> > Rich,
> >
> > I agree with your assessment and have seen these tools in use by bad
> guys on networks. Mimikatz can dump domain credentials, too, if a user has
> authenticated to the machine (where Mimikatz is running) using domain
> credentials. If a domain or enterprise admin authenticates, the rest is
> history.
> >
> > That's all I had. Hope this is not too off-topic for john-users. My
> apologies if it is.
> Bottom line is JtR doesn't bruteforce or strip the elements off the
> challenge response like CloudCracker can and leave you with just the
> hash. Since JtR has it's roots in weak password finding, and NTLM is
> very fast, you could potentially recover the plain-text password in a
> reasonable amount of time rather than "pass the hash". Someone on here
> I'm sure could create a patch, JtR arguably has the fastest DES code
> out there, so maybe this could be a patch for JtR. I think this was a
> good discussion and JtR appropriate. It almost sounds like you could
> script the task, but I'm no programmer so I'm probably way off on that
> :)
> -rich
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.