Date: Mon, 21 Sep 2015 09:05:10 +0200 From: patpro@...pro.net To: john-users@...ts.openwall.com Subject: Re: best setup to crack format nt or nt2 Hi Rich, On 21 sept. 2015, at 01:07, Rich Rumble <richrumble@...il.com> wrote: > On Sun, Sep 20, 2015 at 4:35 PM, Patrick Proniewski <patpro@...pro.net> wrote: >> I'm going to dump Active Directory accounts (2008 R2), convert to some kind of GECOS format and launch John on the resulting file. > http://openwall.info/wiki/john/hash-formats > username:nt_hash_here is a very simple format, but using the usernames > as a dictionary can be beneficial, you should try -single crack mode > first, it should use the username's (and if you put any thing > "artifically" in a GECOS field). That's what I had in mind. I've already done this kind of exercise with LDIF export of our main LDAP directory, feeding GECOS fields with available data. I'm not proficient with Windows techno, but it seems I wont be able to recover full name/first name from the AD dump that easily. >> I've made some tests already: LM hash is unused, the other hash is recognized as nt and nt2. Is there any difference between those too formats? Apparently, I can use either --format=nt or --format=nt2 with same results. > http://www.openwall.com/lists/john-users/2012/11/15/12 Thank you, I'll make some benches on the final CPU then. >> I would like to run John for 24 hours on a decommissioned blade server, so I got 8 cpu cores, and lots of RAM, no GPU at all. What would be the best way to use most of this hardware? If I'm not mistaken, nt/nt2 can't get OpenMP benefits, so I could have to split the password file into 8 chunks, or use fork, or any other parallelism setup. > NT is "fast", and as of now OpenMP will not be of benefit for this format, > http://openwall.info/wiki/john/parallelization > Fork will however will help reduce the work by 8 :) Have a look at > this cheat sheet for attacks you may want to try: > https://countuponsecurity.files.wordpress.com/2015/06/jtr-cheat-sheet.pdf > Or my article here: > https://xinn.org/blog/JtR-AD-Password-Auditing.html (needs updating a > bit, fork is fixed now) Very nice, thank you! Patrick
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.