Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090407175719.GA24892@openwall.com>
Date: Tue, 7 Apr 2009 21:57:19 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Windows user/pass

On Mon, Apr 06, 2009 at 06:42:08PM +0200, Szarka G?bor wrote:
> Rendszergazda:500:8C,29,EF,93,BE,C6,DE,61,38,36,5F,40,C1,41,A0,90,7A:
> _D4,4F,DF,C5,F3,E2,0D,71,44,5C,56,E1,96,86,2A,60,XX:::

This is a format used by Login Recovery's boot disks, "VERSION:04".

> In this example Rendszergazda is the username. Is John capable of 
> cracking this password?

Yes, but you need to decode the hashes into the familiar PWDUMP format
first.  Please use the attached Perl script for that.

For the entry above, the corresponding PWDUMP format one would be:

Rendszergazda:500:9d6307323a52d5acaad3b435b51404ee:48c35339675681e5b8d0ca550afa9ed4:::

BTW, your password is of no more than 7 characters long.  We know this
because "aad3b435b51404ee" corresponds to an empty string.

Alexander

View attachment "lr4decode.pl" of type "text/plain" (724 bytes)

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.