
John The Ripper crack upper letter

<<

impelse

Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Fri Dec 09, 2011 12:01 am

John The Ripper crack upper letter

I am doing a lab for CPTE. I got a SAM from my vulnerable Windows XP machine.

When I run:

john hashes.txt

The tool cracks the password but puts it all in uppercase letters, when I know that is not true. I googled and did not find anything. Any idea why?
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Fri Dec 09, 2011 12:22 am

Re: John The Ripper crack upper letter

Read up on LM/NTLM hashing. Here's one page I found that gives a quick rundown near the beginning:

http://insidetrust.blogspot.com/2011/01 ... r-jtr.html

It also goes into tweaking JTR to crack and show upper-/lowercase.  I haven't tested this on my own, just something I found real quick.  Hope it helps!
GSEC, eCPPT, Sec+
<<

eth3real

Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Fri Dec 09, 2011 9:06 am

Re: John The Ripper crack upper letter

impelse, LM hashes convert everything to uppercase, meaning that passwords using LM hashes would be case insensitive.

Check out the wiki page for LM Hashes:
http://en.wikipedia.org/wiki/LM_hash

The LM hash is computed as follows:

  1.  The user’s ASCII password is converted to uppercase.


Another interesting thing to note is that it separates the password into two 7-character parts and hashes them separately. Anything more than 14 characters is truncated, and you never have to crack a hash of more than 7 characters. :o

NTLM hashes are a bit more complex. :)
Put that in your pipe and grep it!
<<

impelse

Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Fri Dec 09, 2011 9:59 am

Re: John The Ripper crack upper letter

Oh man, I will need to review this very carefully. I thought I understood what I was doing.

This is my problem: when I hit some issue, I stay on it until I get it, and this means that I never move forward....

I think it is good.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

impelse

Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Sat Dec 10, 2011 10:29 pm

Re: John The Ripper crack upper letter

lorddicranius wrote:
Read up on LM/NTLM hashing. Here's one page I found that gives a quick rundown near the beginning:

http://insidetrust.blogspot.com/2011/01 ... r-jtr.html

It also goes into tweaking JTR to crack and show upper-/lowercase.  I haven't tested this on my own, just something I found real quick.  Hope it helps!


I followed the tutorial at this link and yep, I got it the right way, lower and uppercase, very interesting... Now I will follow the lab with Cain and Abel.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Sun Dec 11, 2011 12:33 am

Re: John The Ripper crack upper letter

Glad it worked for ya!  Thanks for the heads up as well, letting us know it worked.  I'll reference that site again when I jump back into studying password cracking.
GSEC, eCPPT, Sec+
<<

millwalll

Post Mon Dec 12, 2011 7:45 am

Re: John The Ripper crack upper letter

You may want to check out http://korelogic.com/
<<

eth3real

Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Mon Dec 12, 2011 12:04 pm

Re: John The Ripper crack upper letter

Yeah, the trick here is to have both the LM hash and the NTLM hash.

Once you crack both 7-character, all uppercase, LM hashes, it will use that to crack the NTLM hash, like a dictionary. It will try every combination of upper and lower to give you the proper password.

This is also really easy to do in Cain & Abel, but it's a bit slower than John The Ripper.
Put that in your pipe and grep it!
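
Added example, not part of the original thread or any poster's code: a small audit of a pwdump-style file (the `user:rid:lm:nt:::` layout that hashes.txt would have) that flags accounts still storing an LM hash and gives the upper bound on upper/lower case variants left to test against the NT hash once the LM halves are known. The sample lines and the function names are constructed for illustration.

```python
import string

EMPTY_LM_HALF = "aad3b435b51404ee"             # LM value of an empty 7-character half
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password

# Constructed sample in pwdump layout (user:rid:lm:nt:::). The non-empty hex
# values are made up for illustration and are not hashes of real passwords.
SAMPLE = """\
alice:1001:0123456789abcdef0fedcba987654321:00112233445566778899aabbccddeeff:::
bob:1002:89abcdef01234567aad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:a1b2c3d4e5f60718293a4b5c6d7e8f90:::
guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
this line is not a pwdump record
"""

def is_hash(value):
    """True for a 32-character hex string (16-byte LM or NT hash)."""
    return len(value) == 32 and all(c in string.hexdigits for c in value)

def audit_line(line):
    """Return (user, status, case_bound), or None for a malformed line.

    case_bound is the most upper/lower case variants of the uppercase LM
    plaintext that would need checking against the NT hash (None: no LM).
    """
    fields = line.strip().split(":")
    if len(fields) < 4 or not (is_hash(fields[2]) and is_hash(fields[3])):
        return None
    user, lm, nt = fields[0], fields[2].lower(), fields[3].lower()
    first, second = lm[:16], lm[16:]
    if nt == EMPTY_NT:
        return (user, "blank password", 0)
    if first == EMPTY_LM_HALF and second == EMPTY_LM_HALF:
        return (user, "no LM hash stored", None)
    if second == EMPTY_LM_HALF:
        # Second half is empty, so the password is at most 7 characters.
        return (user, "LM stored, 7 characters or fewer", 2 ** 7)
    return (user, "LM stored, two 7-character halves", 2 ** 14)

def audit(text):
    """Audit every well-formed record in a pwdump-style text."""
    return [r for r in map(audit_line, text.splitlines()) if r is not None]

if __name__ == "__main__":
    for user, status, bound in audit(SAMPLE):
        print(f"{user:8} {status:36} case variants <= {bound}")
```

Accounts reported with an LM hash are the ones to fix: enable the "Network security: Do not store LAN Manager hash value on next password change" policy and have those users change their passwords so the stored LM value is cleared.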
