Penetration Testing mailing list archives
Re: [PEN-TEST] NT 4.0 and MD4 Hash
From: Rory <nazgul () CSN UL IE>
Date: Wed, 6 Dec 2000 19:59:17 +0000
I know alot of people have replied to this but none of them have mentioned this. I was under the impression that if the password was under 7 characters (which 'magic' is) a known constant is appended to the the password (before or after the hash I am not sure). To fill out to a length that NT likes and maybe thats why you are not seeing the same hash both times. Could be way off 'cos I am writing this from memory but i' m sure people will set me straight :) Hope this helps, Rory p.s. Can't remeber exazctly what this constant is but i'm sure you can find it somewhere in l0pht documentation. On Wed, 6 Dec 2000, Chad Gough wrote:
Please fix the error in my ways.. ;-) I was under the impression that the NT hash (not the LM hash) was a straight MD4 hash with no salt value. A SANS article confirms this at: http://www.sans.org/infosecFAQ/logon.htm Using L0phtCrack and a test account with username Administrator, password "magic" (no quotes). L0pht Crack reads the values as: Administrator:"MAGIC":"magic":5B4334DA1FB3A5FBAAD3B435B51404EE:827B5320B 42E9FD95CBB0E63451B701E LanMan Hash: 5B4334DA1FB3A5FBAAD3B435B51404EE NT hash: 827B5320B42E9FD95CBB0E63451B701E However, when I MD4 encrypt the string magic I get the following as a result: 5982FE41BF9A10BB937BD0AB095192B3 I have tried this several times with various utilities including: http://www.persits.net/encrypt/demo_hash.asp The SANS article mentions a unicode convert prior to hashing. I get the string "6D61676963" from a unicode conversion of magic. Neither of these values will equate to the L0pht value. Can someone please tell me where I am going wrong?? Thanks in advance. Chad Security Consultant chad131 () yahoo com __________________________________________________ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/
Current thread:
- [PEN-TEST] NT 4.0 and MD4 Hash Chad Gough (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chris Paget (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Alfred Huger (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chris Paget (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Etaoin Shrdlu (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Olle Segerdahl (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Denis Ducamp (Dec 10)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Alfred Huger (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chris Paget (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Paul Cardon (Dec 07)
- <Possible follow-ups>
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chad Gough (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Renshaw, Rick (R.) (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Osborne-1, Brett (Dec 10)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash crazytrain.com (Dec 10)