Penetration Testing mailing list archives

Re: [PEN-TEST] NT 4.0 and MD4 Hash


From: Denis Ducamp <Denis.Ducamp () HSC FR>
Date: Thu, 7 Dec 2000 09:02:51 +0100

On Wed, Dec 06, 2000 at 09:12:01AM -0800, Etaoin Shrdlu wrote:
> Chris Paget wrote:
> 
> > However - this does raise another question.  If NT does indeed use
> > MD4, and MD4 has been broken (according to the RSALabs FAQ,
> > "collisions for the full version of MD4 can be found in under a minute
> > on a typical PC"), perhaps L0phtcrack can be bettered?  Does anyone
> > have a copy of the article in which the MD4 crack is described
> > (CryptoBytes (3) 1,  Autumn 1995)? If so, please forward it to me and
> > I'll have a go at writing some code to do it...

> I'd suggest (and I'm surprised no one's brought it up before now) that
> you go off and look at John the Ripper before you work too hard on this.

John the Ripper doesn't know about NTLM (MD4) hashes, but he is so quick
with LANMAN (DES) hashes...

You may be interested in groar/titi http://www.groar.org/
In titi there's a command line tool called ntlm which calculates ntlm hashes
with or without salt.

The way ntlm works is: md4(unicode(password without the final \0))
So magic gives:
ntlm(magic) = md4(unicode(6d 61 67 69 63))
        = md4(6d 00 61 00 67 00 69 00 63 00)
        = 827B5320B42E9FD95CBB0E63451B701E

> I always use john in place of l0phtcrack. It's quicker, you can use it
> on multiple password systems, and it finds NT passwords that l0phtcrack
> didn't (or at least I got bored with waiting for it).

Yes, John the Ripper http://www.openwall.com/john/ is the best and fastest
password cracker.

Denis Ducamp.

--
Denis.Ducamp () hsc fr --- Hervé Schauer Consultants --- http://www.hsc.fr/
Du bon usage de ... http://usenet-fr.news.eu.org/fr-chartes/rfc1855.html
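The NT hash computation described in the post above (MD4 over the UTF-16LE encoding of the password, no terminating NUL, no salt), as an added worked example. This is not code from the post, from titi or from John the Ripper; it carries its own RFC 1320 MD4 because `hashlib.new('md4')` depends on OpenSSL's legacy provider and is unavailable on many current systems. The test vectors in the self-check come from the RFC 1320 appendix; running the script prints the NT hash of `magic` so the value in the post can be compared against it.

```python
import struct

MASK32 = 0xFFFFFFFF


def _rotl(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK32


def _f(x, y, z):  # round 1: if x then y else z
    return (x & y) | ((~x & MASK32) & z)


def _g(x, y, z):  # round 2: majority
    return (x & y) | (x & z) | (y & z)


def _h(x, y, z):  # round 3: parity
    return x ^ y ^ z


def _md4_round(state, words, func, const, order, shifts):
    """One 16-step MD4 round. Each step writes one register; the register
    names rotate after every step, so the step always writes into 'a'."""
    a, b, c, d = state
    for i, k in enumerate(order):
        a = _rotl((a + func(b, c, d) + words[k] + const) & MASK32, shifts[i % 4])
        a, b, c, d = d, a, b, c
    return [a, b, c, d]


def md4(data: bytes) -> bytes:
    """MD4 as specified in RFC 1320 (pure Python, no OpenSSL dependency)."""
    msg = bytearray(data)
    bit_len = (len(data) * 8) & 0xFFFFFFFFFFFFFFFF
    msg.append(0x80)                      # mandatory 1 bit, then zero padding
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", bit_len)     # message length in bits, little-endian
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        words = struct.unpack("<16I", msg[off:off + 64])
        s = _md4_round(state, words, _f, 0x00000000, range(16), (3, 7, 11, 19))
        s = _md4_round(s, words, _g, 0x5A827999,
                       (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15),
                       (3, 5, 9, 13))
        s = _md4_round(s, words, _h, 0x6ED9EBA1,
                       (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15),
                       (3, 9, 11, 15))
        state = [(x + y) & MASK32 for x, y in zip(state, s)]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """NT hash: MD4 over the UTF-16LE password, no salt, no terminating NUL.
    str.encode('utf-16le') emits exactly the bytes listed in the post
    (6d 00 61 00 ...), with no BOM and no trailing 00 00."""
    return md4(password.encode("utf-16le")).hex()


if __name__ == "__main__":
    # RFC 1320 appendix test vectors as a self-check of the MD4 core.
    assert md4(b"").hex() == "31d6cfe0d16ae931b73c59d7e0c089c0"
    assert md4(b"abc").hex() == "a448017aaf21d8525fc10ae87aa6729d"
    print("NT hash of 'magic':", nt_hash("magic"))
    print("NT hash of '' (blank password):", nt_hash(""))
```

Two things worth noticing when reading pwdump-style output: because the NT hash is unsalted, identical passwords produce identical hashes across accounts and across domains, which is what makes precomputation and hash reuse attacks work; and a blank password always shows up as `31d6cfe0d16ae931b73c59d7e0c089c0`, simply MD4 of the empty string.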

