Re: Best way to crack NT passwds

[Paul Farrow <augm58 () dsl pipex com>]

Chances are the system used by the website was a multi-processor beast 
of machine, able to maximise cpu time to cracking the passwords.
If you can get the password hash, then your best bet is to run it 
through jtr(john the ripper).

C:\toolkit\passwords\pwdump> pwdump2
Administrator:500:62b239ea3de3b4142e04d2d295f821b0:a929535485de3b5088923fd58d02cca2:::
ASPNET:1000:f5052a93de1b6a7848d83fff52bb5c55:264d62a5f32f74bb6df2642a514fd17f:::
Guest:501:d9dce10ca0c8ba7baad3b435b51404ee:672e556cf53bf2a83c36bead6383212b:::
__vmware_user__:1002:aad3b435b51404eeaad3b435b51404ee:69deddc712c272b33e31fae0f4b82a73:::

C:\toolkit\passwords\pwdump> pwdump2 > passwords.dump
C:\toolkit\passwords\john>john -incremental passwords.dump
Loaded 4 passwords with no different salts (NT LM DES [24/32 4K])
TEST0R              (Administrator:2)
guesses: 1  time: 0:00:00:20  c/s: 9045001  trying: PMSBRK - HLEYKL


Thats on a 1.987mhz AMD processor in windows 2000, running about 30 
other things at once.


Hope this helps.

X u r r o n wrote:

> hiya!
> I have tried many softwares for cracking NTLM hashes, like NC4, Cain 
> and have't tried Rainbow Crack yet.
> Once i had to recover my XPs lost admin password and i spend around 1 
> day but Cain/NC4 were not able to guess that. Then i posted that 
> hashes on some site and it did recover my passwd in around 5min. I 
> want to know which technique they used to crack so fast ?
>
> Xurron
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/