Security Basics mailing list archives
RE: auditing nt hash
From: "dave kleiman" <dave () isecureu com>
Date: Tue, 11 Oct 2005 13:23:22 -0400
Ryan,

You have to reboot and reset the password after setting the nolmhash value to 1. If you do not, the LM hash still exists.

Regards,

__________________________________________________
Dave Kleiman, CAS,CIFI,CISM,CISSP,ISSAP,ISSMP,MCSE
www.SecurityBreachResponse.com

-----Original Message-----
From: Ryan Sebastian [mailto:Ryan.Sebastian () comcast net]
Sent: Thursday, October 06, 2005 20:38
To: security-basics () securityfocus com
Subject: auditing nt hash

I'm trying to figure out the nt hash vs lm hash. I'm using pwdump2 and john. The OS is Windows XP pro (non-domain computer). I dump the hash with pwdump2 and then run John against it. All passwords are 4-8 characters and it finds the passwords relatively quickly.

I went and set the nolmhash value to 1 and re-dumped the hash. The hash is exactly the same as before? I thought setting nolmhash was supposed to prevent storage of passwords? I'm guessing pwdump2 can still pull nthash? The password cracking seems to take the same amount of time.

Can pwdump2 still pull the nt hash? Can john crack nt hashes or just lm? What am I doing incorrectly?

Thanks
dissolved
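
The point made in the reply (the LM hash stays in place until the password is reset after the reboot) can be verified by re-dumping and checking the LM column of each account. The script below is an added example, not part of the original thread; it assumes the `user:rid:LM:NT:::` line layout that pwdump-style tools emit, and every hash in the sample is constructed.

```python
# Added example (not from the thread): find accounts whose LM hash is still stored.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
HEX = set("0123456789abcdef")

# Constructed sample dump; every hash below is made up for illustration.
SAMPLE_DUMP = """\
alice:1003:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
bob:1004:NO PASSWORD*********************:00112233445566778899aabbccddeeff:::
carol:1005:aad3b435b51404eeaad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
this line is not a pwdump record
"""

def parse_line(line):
    """Split one 'user:rid:LM:NT:::' record; return None for anything else."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    return parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()

def lm_is_stored(lm_field):
    """True only when the LM field is a real 32-hex-digit hash."""
    # Assumption: a blank LM slot appears either as the empty-password
    # constant or as a non-hex marker such as 'NO PASSWORD****...'.
    if lm_field == EMPTY_LM:
        return False
    return len(lm_field) == 32 and set(lm_field) <= HEX

def audit(dump_text):
    """Return (accounts still storing LM, accounts with NT hash only)."""
    lm_stored, nt_only = [], []
    for line in dump_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        user, _rid, lm, _nt = record
        (lm_stored if lm_is_stored(lm) else nt_only).append(user)
    return lm_stored, nt_only

if __name__ == "__main__":
    stored, clean = audit(SAMPLE_DUMP)
    print("LM hash still stored (reset password after reboot):", stored)
    print("NT hash only:", clean)
```

Any account listed in the first group has not had its password changed since the setting took effect.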