Date: Mon, 13 Jan 2014 20:14:03 -0500 From: Rob Fuller <jd.mubix@...il.com> To: john-users@...ts.openwall.com Subject: Re: Cracking MSChap v2 @RichRumble => The big deal for me is because I'm an ops guy. I worry about useable, if the gun fires good enough to kill my enemy, it's good enough for me. The fact that if I can get an NetNTLMv1 hash, no matter how long or complex it is and in 23 hours with cloudcrack.com I can turn it into something useable (pass the hash) is huge. Problem is, I have too many legal and ethical concerns about submitting even a hash to an online hash cracking tool that this removes it from my tool box since no tool out there that I know of can "crack" it the same way cloud crack does. I understand this isn't the traditional "cracking" to clear text, but it's certainly a game changer on the attacker / offensive security front. -- Rob Fuller | Mubix Certified Checkbox Unchecker Room362.com | Hak5.org On Mon, Jan 13, 2014 at 7:14 PM, NRO <nro117gm@...il.com> wrote: > I hope I'm not dumbing down the thread too much but: I got JTR Bleeding > Jumbo installed and running and was able to enter the hash noted earlier in > this thread. So far it's been running for 19 hours. So far no results and > I'm not sure how to verify whether or not there is progress. > > Have hit enter to get status but it just shoes 0 guesses. > > > On Jan 13, 2014, at 3:48 PM, Pedro Worcel <pedro@...cel.com> wrote: > > > > Thanks for this, I enjoyed the read. > > > > > > 2014/1/14 Rich Rumble <richrumble@...il.com> > > > >>> On Mon, Jan 13, 2014 at 5:54 PM, Rob Fuller <jd.mubix@...il.com> > wrote: > >>> Looked through the source and mailing list, but couldn't find it, has > >> there > >>> been any work on cracking NetNTLMv1 down to NTLM hashes? > >> > http://markgamache.blogspot.com/2013/01/ntlm-challenge-response-is-100-broken.html > >>> https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ > >> That blog post was grandstanding pure an simple, ntlmv1 has been > >> broken well before that blog post, by plenty of others.Every cracker > >> I've ever used broke the challange and the password, l0pht was first, > >> cain is still good. I just re-read the post (I even have an old > >> comment on it when it came out), I don't see what the fuss was about > >> with that blog post, other than it got some attention, when reading it > >> all I can think about is: > >> http://www.quickmeme.com/it-is-known > >> I believe there are patches for NetNTLMv1 in the Jumbo versions of JtR > >> http://www.openwall.com/lists/john-users/2010/07/09/1 > >> https://www.google.com/search?q=site%3Aopenwall.com+netntlm > >> -rich > > > > > > > > -- > > GPG: http://is.gd/droope <http://is.gd/signature_> >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.