Re: Brute-forcing cached Windows login password hashes

From: wymerzp@sbu.edu
Date: Thu Jul 26 2007 - 08:51:11 EDT

('binary' encoding is not supported, stored as-is) I know for a fact that rainbow tables won't work IF the passwords are salted.

Salt is used to randomize the stored password hash. With different salt value, same password yeilds different hash value. The time-memory trade-off technique used by RainbowCrack is not practical when appliable to this kind of hash.
http://www.antsight.com/zsl/rainbowcrack/faq.htm

You will have the patch depending on what version of JTR you have:

[T]o add support for cracking of sniffed LM/NTLMv1 challenge/response exchanges to John the Ripper. The patch is now listed on John the Ripper homepage and it is a part of the latest revision of the jumbo patch for John the Ripper 1.7.2.
http://www.openwall.com/

I believe that the patch exists here:
http://www.foofus.net/~jmk/tools/jtr/john-1.7.2-all-netlm-netntlm-jmk-2.diff

Good Luck,
Zach

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:58 EDT