lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1683372804.20050730132451@SECURITY.NNOV.RU>
Date: Sat Jul 30 10:24:57 2005
From: 3APA3A at SECURITY.NNOV.RU (3APA3A)
Subject: Best way to crack NT passwds

Dear X u r r o n,

You  needn't  actually crack the password if you know your hash, because
cleartext password is never used in Windows environment. You could apply
this patch to md4.c from Samba distribution:

--- md4.c.orig  2004-04-04 11:37:00.000000000 +0400
  +++ md4.c       2004-10-27 23:01:31.000000000 +0400
  @@ -130,6 +130,21 @@
          C = 0x98badcfe;
          D = 0x10325476;
  +
  +       if(n == 64){
  +        int j;
  +        unsigned char * hexd = (unsigned char *)"0123456789ABCDEF";
  +        for(j = 0; j<16; j++){
  +         if(!strchr(hexd, in[(j<<2)]))break;
  +         if(in[(j<<2)+1])break;
  +         if(!strchr(hexd, in[(j<<2)+2]))break;
  +         if(in[(j<<2)+3])break;
  +         out[j] = ((strchr(hexd, in[(j<<2)]) - (char *)hexd)<<4);
  +         out[j] ^= (strchr(hexd, in[(j<<2)+2]) - (char *)hexd);
  +        }
  +        if(j == 16) return;
  +       }
  +
          while (n > 64) {
                  copy64(M, in);
                  mdfour64(M);

And  change  your  password with Samba utilities by entering NT password
hash (in HEX) instead of password then prompted.

--Saturday, July 30, 2005, 12:15:47 PM, you wrote to full-disclosure@...ts.grok.org.uk:

Xurron> hiya!
Xurron> I have tried many softwares for cracking NTLM hashes, like NC4,
Cain and have't tried Rainbow Crack yet.
Xurron> Once i had to recover my XPs lost admin password and i spend
around 1 day but Cain/NC4 were not able to guess that. Then i posted
that hashes on some site and it did recover my passwd in around 5min. I
want to know which technique they used to crack so fast ?

Xurron> Xurron


-- 
~/ZARAZA
http://www.security.nnov.ru/

Powered by blists - more mailing lists