Home
Calendar
Certifications
Columns
Features
Forum
Resources
Vitals
Latest Additions
April 2013 Free Giveaway Sponsor - eLearnSecurity
Human Intelligence to Navigate the Security Data Deluge
February 2013 Free Giveaway Winner of SANS CyberCon Training
Interview: Bugcrowd Founders on Herding Ninjas for Crowdsourced Bug Bounties
Network Forensics: The Tree in the Forest
March 2013 Free Giveaway Sponsor - Mile2
Book Review: Violent Python
February 2013 Free Giveaway Sponsor - SANS
Holiday 2012 Free Giveaway Winner of Metasploit Pro by Rapid7
Course Review: SANS FOR408 Computer Forensic Investigations – Windows In-Depth
The Security Consulting Sugar High
Tutorial: Fun with SMB on the Command Line
Interview: Ilia Kolochenko, CEO of High-Tech Bridge
October 2012 Free Giveaway Winner of LearningGate Training
The Broken: Assessing Corporate Security in 2012 to Make a Better 2013
EH-Net Login
Welcome Guest.
Username:
Password:
Remember me
Lost Password?
No account yet?
Register
Who's Online
We have 46 guests and 2 members online
You are here:
Home
Ethical Hacking Discussions and Related Certifications
Network Pen Testing
John The Ripper crack upper letter
EH-Net
May 23, 2013, 07:25:00 AM
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
News
: Go back to The Ethical Hacker Network Online Magazine
Home Page
Home
Help
Calendar
Login
Register
EH-Net
>
Ethical Hacking Discussions and Related Certifications
>
Network Pen Testing
(Moderator:
don
) >
John The Ripper crack upper letter
Pages: [
1
]
Go Down
« previous
next »
Print
Author
Topic: John The Ripper crack upper letter (Read 5653 times)
0 Members and 1 Guest are viewing this topic.
impelse
Hero Member
Offline
Posts: 565
John The Ripper crack upper letter
«
on:
December 08, 2011, 11:01:22 PM »
I am doing a lab for CPTE, I got a SAM from my Windows XP vulnerable.
When I run:
john hashes.txt
The tool crack the password but put it all in upper letters when I know that it is not true, I googled and I did not get anything, any idea why?
Logged
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training
Website:
http://blog.thehost1.com/
lorddicranius
Sr. Member
Offline
Posts: 447
Re: John The Ripper crack upper letter
«
Reply #1 on:
December 08, 2011, 11:22:32 PM »
Read up on LM/NTLM hashing. Here's one page I found that gives a quick run down near the beginning:
http://insidetrust.blogspot.com/2011/01/password-cracking-using-john-ripper-jtr.html
It also goes into tweaking JTR to crack and show upper-/lowercase. I haven't tested this on my own, just something I found real quick. Hope it helps!
Logged
GSEC, eCPPT, Sec+
eth3real
Sr. Member
Offline
Posts: 309
Re: John The Ripper crack upper letter
«
Reply #2 on:
December 09, 2011, 08:06:27 AM »
impelse, LM hashes convert everything to uppercase, meaning that passwords using LM hashes would be case insensitive.
Check out the wiki page for LM Hashes:
http://en.wikipedia.org/wiki/LM_hash
Quote
The LM hash is computed as follows:
1. The user’s ASCII password is converted to uppercase.
Another interesting thing to note, is that it separates the password into two 7 character parts, and hashes them separately. Anything more than 14 characters is truncated, and you never have to crack a hash of more than 7 characters.
NTLM hashes are a bit more complex.
Logged
Put that in your pipe and grep it!
impelse
Hero Member
Offline
Posts: 565
Re: John The Ripper crack upper letter
«
Reply #3 on:
December 09, 2011, 08:59:48 AM »
Oh man, I will need to reveiw very carefully this, I thought I was understanding what I was doing.
This is my problem, when I get some issue, I stayed until I get it and this mean that I never move forward....
I think is good.
Logged
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training
Website:
http://blog.thehost1.com/
impelse
Hero Member
Offline
Posts: 565
Re: John The Ripper crack upper letter
«
Reply #4 on:
December 10, 2011, 09:29:23 PM »
Quote from: lorddicranius on December 08, 2011, 11:22:32 PM
Read up on LM/NTLM hashing. Here's one page I found that gives a quick run down near the beginning:
http://insidetrust.blogspot.com/2011/01/password-cracking-using-john-ripper-jtr.html
It also goes into tweaking JTR to crack and show upper-/lowercase. I haven't tested this on my own, just something I found real quick. Hope it helps!
I followed the tutorial of this link and yep, I got it the right way, lower and uppercase, very interesting... Now I will follow the lab with Cain and Abel
Logged
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training
Website:
http://blog.thehost1.com/
lorddicranius
Sr. Member
Offline
Posts: 447
Re: John The Ripper crack upper letter
«
Reply #5 on:
December 10, 2011, 11:33:52 PM »
Glad it worked for ya! Thanks for the heads up as well, letting us know it worked. I'll reference that site again when I jump back into studying password cracking.
Logged
GSEC, eCPPT, Sec+
millwalll
Guest
Re: John The Ripper crack upper letter
«
Reply #6 on:
December 12, 2011, 06:45:50 AM »
You may want check out
http://korelogic.com/
Logged
eth3real
Sr. Member
Offline
Posts: 309
Re: John The Ripper crack upper letter
«
Reply #7 on:
December 12, 2011, 11:04:20 AM »
Yeah, the trick here is to have both the LM hash and the NTLM hash.
Once you crack both 7-character, all uppercase, LM hashes, it will use that to crack the NTLM hash, like a dictionary. It will try every combination of upper and lower to give you the proper password.
Cain & Abel is really easy to do this also, but it's a bit slower than John The Ripper.
Logged
Put that in your pipe and grep it!
Pages: [
1
]
Go Up
Print
« previous
next »
Jump to:
Please select a destination:
-----------------------------
EH-Net
-----------------------------
=> Calendar Of Events
===> ChicagoCon 2007
===> ChicagoCon 2008s
===> ChicagoCon 2008f
===> ChicagoCon 2009s
=> Ethical Hacktivism
=> News Items and General Discussion About EH-Net
===> Greetings
=> Special Events
-----------------------------
Ethical Hacking Discussions and Related Certifications
-----------------------------
=> General Certification
===> Networking
===> OS
===> Security
=> Compliance, Regulations & Standards
=> Control Systems
=> Cyber Warfare
=> Forensics
===> CCE / MCCE - (Master) Certified Computer Examiner
===> CHFI - Computer Hacking Forensic Investigator
===> EnCE - EnCase® Certified Examiner
===> GCFA - GIAC Certified Forensics Analyst
=> Hardware
=> Incident Response
===> CSIH - Computer Security Incident Handler
===> GCIH - GIAC Certified Incident Handler
=> Malware
===> Advisories
=> Mobile
=> Network Pen Testing
===> CEH - Certified Ethical Hacker
===> CPTC - Certified Penetration Testing Consultant
===> CPTE - Certified Penetration Testing Engineer
===> CSTA - Certified Security Testing Associate
===> eCPPT - eLearnSecurity Certified Professional Penetration Tester
===> ECSA - EC-Council Certified Security Analyst
===> GPEN - GIAC Certified Penetration Tester
===> OSCP - Offensive Security Certified Professional
=> Physical Security
=> Programming
=> Social Engineering
=> Web Applications
=> Wireless
===> CWNP Certs
===> GAWN - GIAC Assessing Wireless Networks
===> OSWP - Offensive Security Wireless Professional
=> Other
-----------------------------
Columns
-----------------------------
=> Editor-In-Chief
=> Andress
=> Gates
=> Haddix
=> Hadnagy
=> Heffner
=> Hoffman
=> Linn
=> RichM
=> Murray
=> J. Peltier
=> Weidman
=> Wilson
-----------------------------
Features
-----------------------------
=> /root
=> Book Reviews
=> Opinions
=> Skillz
===> Examples
===> May 06 - Star Hacks, Episode V: The Empire Hacks Back
===> July 06 - Hack Bill!
===> Sept 06 - Netcat in the Hat
===> Nov 06 - Hitch-Hackers Guide to the Galaxy
===> Dec 06 - A Christmas (Hacking) Story
===> Feb 07 - Charlottes Web Site
===> April 07 - Microsoft Office Space
===> June 07 - Serenity Hack
===> Oct 07 - Worst. Ethical. Hacker. Challenge. Ever.
===> Dec 07 - Frosty the Snow Crash
===> March 2008 - It Happened One Friday
===> Oct 2008 - Scooby Doo and the Crypto Caper
===> Dec 08 - Santa Claus Is Hacking to Town
===> Feb 2009 - Brady Bunch Boondoggle
===> July 2009 - Prison Break
===> October 2009 - SSHliders
===> December 2009 - Miracle on Thirty-Hack Street
===> December 2010 - The Nightmare Before Charlie Browns Christmas
-----------------------------
Resources
-----------------------------
=> Career Central
===> Looking For Work
===> Looking To Hire
=> Links to cool sites.
=> Mass Media
=> News from the Outside World
=> Tools
=> Tutorials
===> Tutorial Requests
Loading...
Exclusive Deal
SANSFIRE 2013
June 15 - 22
5% Off
w/ Code
:
EHN_5
SANS Deals 4 EH-Netters
5% OFF
Any
SANS Course
in Any Format!
Coupon Code:
EHN_5
Including
SANS Rocky Mountain 2013
&
SANS Boston 2013
Polls
Compared to this year, 2013 will be:
Great!
Better.
About the same.
Little worse.
FUBAR!
Recent Forum Topics
News Items and General Discussion About EH-Net
: was zeus father cronus
(0) by
Dotashuts
Cyber Warfare
: Von Zoo York Um Supra , In Style .
(0) by
Zhouqulai
CSTA - Certified Security Testing Associate
: Louis Vuitton Handtaschen In Lego Version
(0) by
Zhouqulai
Incident Response
: Red -carpet Shinning - Louis Vuitton-Monogramm Shimmer Halo
(0) by
Zhouqulai
Editor-In-Chief
: Special Xmas Deal: 10% Off eLearnSecurity Courses
(3) by
hekvvddtest
Greetings
: Hello
(6) by
hekvvddtest
Greetings
: Obtain The Scoop On mulberry bags Before You Are Too Late
(13) by
hekvvddtest
Calendar Of Events
: HITBSecConf2013 – Amsterdam
(9) by
hekvvddtest
Special Events
: [Article]-Webcast: Deep Dive into Red Teaming with the Metasploit Framework
(19) by
hekvvddtest
Network Pen Testing
: HackaServer - Anyone tried it?
(4) by
hekvvddtest
Greetings
: Good day ...
(7) by
hekvvddtest
Gates
: Chris Gates' Blog RSA Finalist
(5) by
hekvvddtest
Network Pen Testing
: Ruby on Rails Vulnerabilities / Attacks in BackTrack 5 r3
(1) by
hekvvddtest
General Certification
: nth topic on Career Advice
(9) by
hekvvddtest
General Certification
: Direction
(5) by
hekvvddtest
Hardware
: Discreet Hacking Devices
(8) by
hekvvddtest
Calendar Of Events
: CanSecWest 2013
(5) by
hekvvddtest
Forensics
: Burn Note
(5) by
hekvvddtest
Calendar Of Events
: Cyber Readiness Challenge - Rome
(1) by
hekvvddtest
GCIH - GIAC Certified Incident Handler
: GCIH Free Practice test attempt
(0) by
prats84
GCIH - GIAC Certified Incident Handler
: Passed my GCIH
(0) by
prats84
News Items and General Discussion About EH-Net
: Change is Coming to EH-Net!!
(27) by
don
Greetings
: Hi from the UK
(2) by
n37sh@rk
Network Pen Testing
: AIX Vulnerability Assessments
(2) by
ras76
Tutorials
: Need guidance
(9) by
hanyhasan
Programming
: Finished Python Course in Codecademy now what?
(15) by
hanyhasan
Network Pen Testing
: De-ICE 1.140 released!
(2) by
superkojiman
General Certification
: CPT Practical Submission
(1) by
UNIX
OSCP - Offensive Security Certified Professional
: Failed my first attempt at the OSCP exam
(94) by
azmatt
Tools
: Social-Engineer Toolkit (SET) Version 5.0 “The Wild West” Released
(2) by
m0wgli
Malware
: EICAR?
(3) by
UKSecurityGuy
Advisories
: HTB23154: Multiple Vulnerabilities in Exponent CMS
(0) by
AndyP
Advisories
: HTB23153: Multiple Vulnerabilities in Jojo CMS
(0) by
AndyP
Advisories
: HTB23151: Cross-Site Request Forgery (CSRF) in UMI.CMS
(0) by
AndyP
OSCP - Offensive Security Certified Professional
: Class Scheduled 6/8 - Linux n00b
(7) by
Taemyks
OSCP - Offensive Security Certified Professional
: OSCP exam scheduled
(6) by
gbhat
Incident Response
: LinkedIn Forensics
(0) by
AFENTIS_Forensics
General Certification
: Red Team/Blue Team
(1) by
ajohnson
Career Central
: Starter cert?
(3) by
Grendel
Network Pen Testing
: Beginner Ethical Hacker
(1) by
m0wgli
EH-Net News Feeds
Latest Additions
Privacy Notice
for TDCC & All Properties
© 2013 The Ethical Hacker Network
Joomla!
is Free Software released under the GNU/GPL License.
News Items and General Discussion About EH-Net : was zeus father cronus 
