Re: Brute-forcing cached Windows login password hashes

To:	pen-test@securityfocus.com
Subject:	Re: Brute-forcing cached Windows login password hashes
From:	wymerzp@sbu.edu
Date:	26 Jul 2007 12:51:11 -0000
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
Resent-date:	Thu, 26 Jul 2007 22:20:20 -0600 (MDT)
Resent-from:	pen-test-return-1078484704@securityfocus.com
Resent-message-id:	<20070727042020.DEFB5236F46@outgoing3.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com

I know for a fact that rainbow tables won't work IF the passwords are salted.

Salt is used to randomize the stored password            hash. With different 
salt value, same password yeilds different hash value. The time-memory 
trade-off technique used by RainbowCrack is not practical when appliable to 
this kind of hash.
http://www.antsight.com/zsl/rainbowcrack/faq.htm

You will have the patch depending on what version of JTR you have:

[T]o add support for cracking of sniffed LM/NTLMv1 challenge/response exchanges 
to John the Ripper. The patch is now listed on John the Ripper homepage and it 
is a part of the latest revision of the jumbo patch for John the Ripper 1.7.2.
http://www.openwall.com/

I believe that the patch exists here:
http://www.foofus.net/~jmk/tools/jtr/john-1.7.2-all-netlm-netntlm-jmk-2.diff

Good Luck,
Zach

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Brute-forcing cached Windows login password hashes, Ben Greenberg Re: Brute-forcing cached Windows login password hashes, Jerome Athias RE: Brute-forcing cached Windows login password hashes, Ben Greenberg SV: Brute-forcing cached Windows login password hashes, Per Thorsheim Re: Brute-forcing cached Windows login password hashes, Mathieu CHATEAU Re: Brute-forcing cached Windows login password hashes, Carl Livitt Re: Brute-forcing cached Windows login password hashes, Mathieu CHATEAU Re: Brute-forcing cached Windows login password hashes, Carl Livitt SV: Brute-forcing cached Windows login password hashes, Per Thorsheim Re: Brute-forcing cached Windows login password hashes, wymerzp <=

Previous by Date:	RE: Brute-forcing cached Windows login password hashes, Ben Greenberg
Next by Date:	Re: Breaking from MySQL to Linux system (SQL Injection)., Marco Ivaldi
Previous by Thread:	SV: Brute-forcing cached Windows login password hashes, Per Thorsheim
Next by Thread:	server port hardening assessment, jimmy wong
Indexes:	[Date] [Thread] [Top] [All Lists]