HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 34 guests online
 
Free Business and Tech Magazines and eBooks

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow John The Ripper crack upper letter
EH-Net
May 20, 2013, 07:23:45 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: John The Ripper crack upper letter  (Read 5625 times)
0 Members and 1 Guest are viewing this topic.
impelse
Hero Member
*****
Offline Offline

Posts: 565


View Profile WWW
« on: December 08, 2011, 11:01:22 PM »
I am doing a lab for CPTE, I got a SAM from my Windows XP vulnerable.

When I run:

john hashes.txt

The tool crack the password but put it all in upper letters when I know that it is not true, I googled and I did not get anything, any idea why?
Logged
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
lorddicranius
Sr. Member
****
Offline Offline

Posts: 447



View Profile WWW
« Reply #1 on: December 08, 2011, 11:22:32 PM »
Read up on LM/NTLM hashing.  Here's one page I found that gives a quick run down near the beginning:

http://insidetrust.blogspot.com/2011/01/password-cracking-using-john-ripper-jtr.html

It also goes into tweaking JTR to crack and show upper-/lowercase.  I haven't tested this on my own, just something I found real quick.  Hope it helps!
Logged
GSEC, eCPPT, Sec+
eth3real
Sr. Member
****
Offline Offline

Posts: 309



View Profile WWW
« Reply #2 on: December 09, 2011, 08:06:27 AM »
impelse, LM hashes convert everything to uppercase, meaning that passwords using LM hashes would be case insensitive.

Check out the wiki page for LM Hashes:
http://en.wikipedia.org/wiki/LM_hash

Quote
The LM hash is computed as follows:

   1.  The user’s ASCII password is converted to uppercase.

Another interesting thing to note, is that it separates the password into two 7 character parts, and hashes them separately. Anything more than 14 characters is truncated, and you never have to crack a hash of more than 7 characters. Shocked

NTLM hashes are a bit more complex. Smiley
Logged
Put that in your pipe and grep it!
impelse
Hero Member
*****
Offline Offline

Posts: 565


View Profile WWW
« Reply #3 on: December 09, 2011, 08:59:48 AM »
Oh man, I will need to reveiw very carefully this, I thought I was understanding what I was doing.

This is my problem, when I get some issue, I stayed until I get it and this mean that I never move forward....

I think is good.
Logged
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
impelse
Hero Member
*****
Offline Offline

Posts: 565


View Profile WWW
« Reply #4 on: December 10, 2011, 09:29:23 PM »
Quote from: lorddicranius on December 08, 2011, 11:22:32 PM
Read up on LM/NTLM hashing.  Here's one page I found that gives a quick run down near the beginning:

http://insidetrust.blogspot.com/2011/01/password-cracking-using-john-ripper-jtr.html

It also goes into tweaking JTR to crack and show upper-/lowercase.  I haven't tested this on my own, just something I found real quick.  Hope it helps!

I followed the tutorial of this link and yep, I got it the right way, lower and uppercase, very interesting... Now I will follow the lab with Cain and Abel
Logged
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
lorddicranius
Sr. Member
****
Offline Offline

Posts: 447



View Profile WWW
« Reply #5 on: December 10, 2011, 11:33:52 PM »
Glad it worked for ya!  Thanks for the heads up as well, letting us know it worked.  I'll reference that site again when I jump back into studying password cracking.
Logged
GSEC, eCPPT, Sec+
millwalll
Guest
« Reply #6 on: December 12, 2011, 06:45:50 AM »
You may want check out http://korelogic.com/
Logged
eth3real
Sr. Member
****
Offline Offline

Posts: 309



View Profile WWW
« Reply #7 on: December 12, 2011, 11:04:20 AM »
Yeah, the trick here is to have both the LM hash and the NTLM hash.

Once you crack both 7-character, all uppercase, LM hashes, it will use that to crack the NTLM hash, like a dictionary. It will try every combination of upper and lower to give you the proper password.

Cain & Abel is really easy to do this also, but it's a bit slower than John The Ripper.
Logged
Put that in your pipe and grep it!
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.055 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.