Didier Stevens

Thursday 21 July 2016

Practice ntds.dit File Part 8: Password Cracking With John the Ripper – LM NTLM

Filed under: Encryption — Didier Stevens @ 0:00

Using passwords recovered from LM hashes to crack NTLM hashes is easier with John the Ripper, because it comes with a rule (NT) to toggle all letter combinations:

John-the-Ripper-v1.8.0-jumbo-1-Win-32\run\john.exe --wordlist=lm-passwords.txt --rules=NT --pot=john-lm-ntlm.pot nt.john.out

Warning: detected hash type "NT", but the string is also recognized as "nt2"
Use the "--format=nt2" option to force loading these as that type instead
Loaded 43 password hashes with no different salts (NT [MD4 128/128 SSE2 + 32/32]
)
Warning: no OpenMP support for this hash type
Press 'q' or Ctrl-C to abort, almost any other key for status
123456           (user01)
FEPARAGON        (user20)
V                (user21)
Y6G              (user23)
aS               (user22)
*qFT             (user24)
lm1181992        (user16)
976b0            (user26)
*Vqc(            (user25)
Root1$           (Administrator)
Lzac08@          (user19)
kurt!!!          (user05)
XjW*wL           (user27)
yeliz6           (user14)
tadob            (user15)
zordic7          (user04)
maisie2007       (user12)
8N)IMRgQ57_      (user31)
girlish2020      (user06)
thurlow1         (user09)
cuningo          (user17)
A9LT5J$r         (user28)
Crx3#W+f         (user29)
beaufort1        (user10)
43PDlBR8tS#V     (user32)
453758487l       (user08)
F-62RqTo@m       (user30)
WBJ_Pvtz6i42AV   (user34)
rachelleanne     (user03)
amorosaoveja     (user07)
b#f1HvU@Qz7nk    (user33)
31g 0:00:00:00 DONE (2016-07-18 22:19) 382.7g/s 426851p/s 426851c/s 6317KC/s wbj_pvtz6I42av..wbj_pvtz6i42av
Use the "--show" option to display all of the cracked passwords reliably
Session completed

Using –show:

John-the-Ripper-v1.8.0-jumbo-1-Win-32\run\john.exe --show --pot=john-lm-ntlm.pot ad-database\kali\dump\nt.john.out

Administrator:Root1$:S-1-5-21-3188177830-2933342842-421106997-500::
user01:123456:S-1-5-21-3188177830-2933342842-421106997-1106::
user03:rachelleanne:S-1-5-21-3188177830-2933342842-421106997-1108::
user04:zordic7:S-1-5-21-3188177830-2933342842-421106997-1109::
user05:kurt!!!:S-1-5-21-3188177830-2933342842-421106997-1110::
user06:girlish2020:S-1-5-21-3188177830-2933342842-421106997-1111::
user07:amorosaoveja:S-1-5-21-3188177830-2933342842-421106997-1112::
user08:453758487l:S-1-5-21-3188177830-2933342842-421106997-1113::
user09:thurlow1:S-1-5-21-3188177830-2933342842-421106997-1114::
user10:beaufort1:S-1-5-21-3188177830-2933342842-421106997-1115::
user12:maisie2007:S-1-5-21-3188177830-2933342842-421106997-1117::
user14:yeliz6:S-1-5-21-3188177830-2933342842-421106997-1119::
user15:tadob:S-1-5-21-3188177830-2933342842-421106997-1120::
user16:lm1181992:S-1-5-21-3188177830-2933342842-421106997-1121::
user17:cuningo:S-1-5-21-3188177830-2933342842-421106997-1122::
user19:Lzac08@:S-1-5-21-3188177830-2933342842-421106997-1124::
user20:FEPARAGON:S-1-5-21-3188177830-2933342842-421106997-1125::
user21:V:S-1-5-21-3188177830-2933342842-421106997-1126::
user22:aS:S-1-5-21-3188177830-2933342842-421106997-1127::
user23:Y6G:S-1-5-21-3188177830-2933342842-421106997-1128::
user24:*qFT:S-1-5-21-3188177830-2933342842-421106997-1129::
user25:*Vqc(:S-1-5-21-3188177830-2933342842-421106997-1130::
user26:976b0:S-1-5-21-3188177830-2933342842-421106997-1131::
user27:XjW*wL:S-1-5-21-3188177830-2933342842-421106997-1132::
user28:A9LT5J$r:S-1-5-21-3188177830-2933342842-421106997-1133::
user29:Crx3#W+f:S-1-5-21-3188177830-2933342842-421106997-1134::
user30:F-62RqTo@m:S-1-5-21-3188177830-2933342842-421106997-1135::
user31:8N)IMRgQ57_:S-1-5-21-3188177830-2933342842-421106997-1136::
user32:43PDlBR8tS#V:S-1-5-21-3188177830-2933342842-421106997-1137::
user33:b#f1HvU@Qz7nk:S-1-5-21-3188177830-2933342842-421106997-1138::
user34:WBJ_Pvtz6i42AV:S-1-5-21-3188177830-2933342842-421106997-1139::

31 password hashes cracked, 12 left

 

2 Comments »

  1. […] Practice ntds.dit File Part 8: Password Cracking With John the Ripper – LM NTLM […]

    Pingback by Practice ntds.dit File Overview | Didier Stevens — Monday 25 July 2016 @ 9:15

  2. […] Practice ntds.dit File Part 8: Password Cracking With John the Ripper – LM NTLM […]

    Pingback by Overview of Content Published In July | Didier Stevens — Monday 1 August 2016 @ 0:01


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: