Message-ID: <1683372804.20050730132451@SECURITY.NNOV.RU>
Date: Sat Jul 30 10:24:57 2005
From: 3APA3A at SECURITY.NNOV.RU (3APA3A)
Subject: Best way to crack NT passwds

Dear X u r r o n,

You needn't actually crack the password if you know your hash, because the cleartext password is never used in a Windows environment. You could apply this patch to md4.c from the Samba distribution:

--- md4.c.orig 2004-04-04 11:37:00.000000000 +0400 +++ md4.c 2004-10-27 23:01:31.000000000 +0400 @@ -130,6 +130,21 @@ C = 0x98badcfe; D = 0x10325476; + + if(n == 64){ + int j; + unsigned char * hexd = (unsigned char *)"0123456789ABCDEF"; + for(j = 0; j<16; j++){ + if(!strchr(hexd, in[(j<<2)]))break; + if(in[(j<<2)+1])break; + if(!strchr(hexd, in[(j<<2)+2]))break; + if(in[(j<<2)+3])break; + out[j] = ((strchr(hexd, in[(j<<2)]) - (char *)hexd)<<4); + out[j] ^= (strchr(hexd, in[(j<<2)+2]) - (char *)hexd); + } + if(j == 16) return; + } + while (n > 64) { copy64(M, in); mdfour64(M);

And change your password with Samba utilities by entering the NT password hash (in HEX) instead of the password when prompted.

--Saturday, July 30, 2005, 12:15:47 PM, you wrote to full-disclosure@...ts.grok.org.uk:

Xurron> hiya!
Xurron> I have tried many softwares for cracking NTLM hashes, like NC4, Cain and haven't tried Rainbow Crack yet.
Xurron> Once I had to recover my XP's lost admin password and I spent around 1 day but Cain/NC4 were not able to guess that. Then I posted those hashes on some site and it did recover my passwd in around 5min. I want to know which technique they used to crack so fast?
Xurron>
Xurron> Xurron

--
~/ZARAZA
http://www.security.nnov.ru/
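Review bot: the digit checks `if(!strchr(hexd, in[(j<<2)]))break;` and its `+2` twin accept a zero byte, because strchr() matches the terminating NUL of "0123456789ABCDEF" and returns a non-NULL pointer at offset 16. A 64-byte input with a zero in a digit position therefore passes validation and produces an out-of-range nibble that is shifted or XORed into `out[j]`. Reject zero explicitly before the lookup, or compute the offset once, require it to be below 16, and reuse it for the assignment instead of calling strchr() a second time. Separately, the `if(n == 64)` shortcut sits at the top of the general hashing path, ahead of the `while (n > 64)` loop, so every caller is affected: any genuine 64-byte input that happens to be 32 uppercase hex characters with a zero byte after each is returned decoded instead of hashed. If the behaviour is only wanted when a hash is typed in place of a password, as the accompanying text describes, it would be safer in that one caller or behind an explicit option than inside the shared MD4 routine. The table is also uppercase only, so a hash entered in lowercase hex falls through and is hashed as an ordinary password; that is worth a comment or a case-insensitive lookup.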