Penetration Testing mailing list archives

Re: [PEN-TEST] NT 4.0 and MD4 Hash

From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Wed, 6 Dec 2000 10:23:22 -0800

On Wed, 6 Dec 2000, Chad Gough wrote:


LanMan Hash: 5B4334DA1FB3A5FBAAD3B435B51404EE
NT hash:    827B5320B42E9FD95CBB0E63451B701E

However, when I MD4 encrypt the string magic I get the following as a
result:
5982FE41BF9A10BB937BD0AB095192B3

The SANS article mentions a unicode convert prior to hashing.  I get
the string "6D61676963" from a unicode conversion of magic.


Neither of these values will equate to the L0pht value.


I think you have to pad it out, as well.

In any case, the L0phtcrack command-line source can be downloaded.  Grab
it, look in ztest.c, and find the md4hash function.  That's the piece
you're looking for.

                                        Ryan

Current thread:

[PEN-TEST] NT 4.0 and MD4 Hash Chad Gough (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chris Paget (Dec 07)
  - Re: [PEN-TEST] NT 4.0 and MD4 Hash Alfred Huger (Dec 07)
    - Re: [PEN-TEST] NT 4.0 and MD4 Hash Chris Paget (Dec 07)
    - Re: [PEN-TEST] NT 4.0 and MD4 Hash Etaoin Shrdlu (Dec 07)
    - Re: [PEN-TEST] NT 4.0 and MD4 Hash Olle Segerdahl (Dec 07)
    - Re: [PEN-TEST] NT 4.0 and MD4 Hash Denis Ducamp (Dec 10)
  - Re: [PEN-TEST] NT 4.0 and MD4 Hash Paul Cardon (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Frank Heyne (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Rory (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Ryan Russell (Dec 07)
- <Possible follow-ups>
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Chad Gough (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Renshaw, Rick (R.) (Dec 07)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash Osborne-1, Brett (Dec 10)
- Re: [PEN-TEST] NT 4.0 and MD4 Hash crazytrain.com (Dec 10)