Full Disclosure mailing list archives

Re: Best way to crack NT passwds


From: "ad () class101 org" <ad () class101 org>
Date: Sat, 30 Jul 2005 23:17:07 +0200

Yup this application is probably the best for LM hashes, the main problem is then to generate a table as the alphanumsymbol15 one, basically it takes a lot of time, around 6 months on only 1 comp 1 GHz, else you can still find some nice free services as http://milw0rm.com/md5 and some other similar websites, but I guess their queue is full, nor the best solution is to look at the official rbcrack website, the founder is selling alphanumsymbol15 if I remember, nor on 20 computers 3 GHz you can expect 2 weeks, 'shrink' purdue :>

At 15:32 30/07/05, Paul Farrow wrote:
Yup, after I posted that I read your post, have to admit, searching a table full of hashes would be a hell of a lot quicker than cracking it manually :] But then again, I rarely crack any hashes (good memory for my own passwords) but anything for md5 I use passcracking.net/com. But I suppose it wouldn't be difficult to code up a quick php page to fill a mysql dbase with incremental hashes generated on the fly... might look into it (even though it's no doubt been done), fun project for a rainy day I suppose.

ad () class101 org wrote:

Rainbow Crack finds this pass "Test0r" in 5-10 sec and you don't need a huge machine to get it. If you like John the Ripper, I heavily suggest you generate your tables and start using rbcrack, because you are losing your time on john, believe me :)

At 12:25 30/07/05, Paul Farrow wrote:

Chances are the system used by the website was a multi-processor beast of a machine, able to maximise cpu time to cracking the passwords. If you can get the password hash, then your best bet is to run it through jtr (john the ripper).

C:\toolkit\passwords\pwdump> pwdump2
Administrator:500:62b239ea3de3b4142e04d2d295f821b0:a929535485de3b5088923fd58d02cca2:::
ASPNET:1000:f5052a93de1b6a7848d83fff52bb5c55:264d62a5f32f74bb6df2642a514fd17f:::
Guest:501:d9dce10ca0c8ba7baad3b435b51404ee:672e556cf53bf2a83c36bead6383212b:::
__vmware_user__:1002:aad3b435b51404eeaad3b435b51404ee:69deddc712c272b33e31fae0f4b82a73:::

C:\toolkit\passwords\pwdump> pwdump2 > passwords.dump
C:\toolkit\passwords\john>john -incremental passwords.dump
Loaded 4 passwords with no different salts (NT LM DES [24/32 4K])
TEST0R              (Administrator:2)
guesses: 1  time: 0:00:00:20  c/s: 9045001  trying: PMSBRK - HLEYKL


That's on a 1.987mhz AMD processor in windows 2000, running about 30 other things at once.


Hope this helps.

X u r r o n wrote:

hiya!
I have tried many softwares for cracking NTLM hashes, like NC4, Cain and haven't tried Rainbow Crack yet. Once I had to recover my XP's lost admin password and I spent around 1 day but Cain/NC4 were not able to guess that. Then I posted those hashes on some site and it did recover my passwd in around 5 min. I want to know which technique they used to crack so fast?

Xurron


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


****************************************************************
KEY: 0xA7C69C5F
PRINT: 694C 3495 BCC4 2F8B D794  6BD4 AF8B 457B A7C6 9C5F
****************************************************************
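
Added example, not part of the original thread: the dump quoted above is in pwdump format (user:rid:lm:nt:::), and a defender can audit such output for accounts that still store an LM hash. The sample lines and their hash values are constructed (only the well-known empty-LM constant is real), and the finding labels are this example's own.

```python
"""Audit pwdump-format lines for accounts that still carry an LM hash."""

# LM pads the password to 14 bytes and hashes each 7-byte half separately;
# an empty half always yields this constant.
EMPTY_LM_HALF = "aad3b435b51404ee"
EMPTY_LM = EMPTY_LM_HALF * 2   # stored when no LM hash is kept for the account
HEX = set("0123456789abcdef")

def audit_line(line):
    """Return (user, finding) for one 'user:rid:lm:nt:::' line, else None."""
    parts = line.strip().split(":")
    if len(parts) < 4:
        return None
    user, lm = parts[0], parts[2].lower()
    if len(lm) != 32 or not set(lm) <= HEX:
        return None                      # not a hex LM field: report, do not guess
    if lm == EMPTY_LM:
        return user, "no-lm"             # nothing for LM-based lookups to work on
    if lm[16:] == EMPTY_LM_HALF:
        return user, "lm-short"          # LM stored, password is 7 chars or fewer
    return user, "lm-long"               # LM stored, password is 8 to 14 chars

def audit(dump):
    """Return ({user: finding}, [unparsed lines]) for a whole dump."""
    findings, unparsed = {}, []
    for line in dump.splitlines():
        if not line.strip():
            continue
        result = audit_line(line)
        if result is None:
            unparsed.append(line)
        else:
            findings[result[0]] = result[1]
    return findings, unparsed

# Constructed sample input; the non-constant hex values are placeholders.
SAMPLE = """\
alice:1001:0123456789abcdef0123456789abcdef:ffffffffffffffffffffffffffffffff:::
bob:1002:0123456789abcdefaad3b435b51404ee:eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee:::
svc:1003:aad3b435b51404eeaad3b435b51404ee:dddddddddddddddddddddddddddddddd:::
not a pwdump line
"""

if __name__ == "__main__":
    found, skipped = audit(SAMPLE)
    for user, finding in sorted(found.items()):
        print(f"{user:10} {finding}")
    print(f"unparsed lines: {len(skipped)}")
```

Accounts reported as lm-short or lm-long keep their LM hash until the password is next changed with LM storage disabled (the NoLMHash policy) or set to 15 or more characters.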
