Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <1176414196.15555.43.camel@localhost>
Date: Thu, 12 Apr 2007 16:43:16 -0500
From: jmk <jmk@...fus.net>
To: john-users@...ts.openwall.com
Subject: Re: Initial seed password

On Sat, 2007-04-07 at 20:16 +0400, Solar Designer wrote:
> Yes, please do.  Thanks!

I've posted my attempt at LM/NTLMv1 challenge/response cracking:

http://www.foofus.net/~jmk/tools/jtr/lm_chall_resp.diff

It seems to work to crack hashes in the old .lc format which is what
Cain & Abel appears to use:

username:::lm response:ntlm response:challenge

My implementation is probably pretty poor. This was my first attempt at
hacking in a new format into John and I was thoroughly confused.
Fortunately, while probably not as efficient as it could be, it seems to
work for what I wanted. ;) Any comments on what I should have done
different are welcome.

One quick question... The LM response is based on an upper-case version
of the user's password. I believe that John should only be testing
case-insensitive passwords here and the netlm code upper-cases the test
value when generating the response to compare, so the results are
accurate. However, in some cases when it succeeds, John reports a
mixed-case password. How do I force John to always display the
upper-case version of that password?

> What will work best is a combination of John's "incremental" mode with
> an external filter() (which you will actually use to prefix candidate
> passwords with your known 7 characters).  An example is available here:

This seems to be just what I'm looking for. Thanks!

I while back a coworker of mine modified John to log the time it took to
crack a hash. This has been useful for us when cracking a hash that
already existed in the .pot file and we would like to know how long it
initially took to break. FWIW, I've posted his work here:

http://www.foofus.net/~jmk/tools/jtr/readme.html

Joe


-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.