Security Basics mailing list archives
auditing nt hash
From: "Ryan Sebastian" <Ryan.Sebastian () comcast net>
Date: Thu, 6 Oct 2005 20:38:10 -0400
I'm trying to figure out the nt hash vs lm hash. I'm using pwdump2 and john. The OS is Windows XP pro (non-domain computer). I dump the hash with pwdump2 and then run John against it. All passwords are 4-8 characters and it finds the passwords relatively quickly. I went and set the nolmhash value to 1 and re-dumped the hash. The hash is exactly the same as before? I thought setting nolmhash was supposed to prevent storage of passwords? I'm guessing pwdump2 can still pull nthash? The password cracking seems to take the same amount of time. Can pwdump2 still pull the nt hash? Can john crack nt hashes or just lm? What am I doing incorrectly? Thanks dissolved
Current thread:
- auditing nt hash Ryan Sebastian (Oct 11)
- RE: auditing nt hash dave kleiman (Oct 11)