When using the password cracking tool John the Ripper, I have many times run it against LM hashes and cracked them given a bit of time. Of course the NT password is (usually) just a case permutation of the LM password: LM upper-cases the password before hashing it, while the NT hash is computed over the password exactly as typed, so once the LM hash is cracked, the only thing left unknown about the NT plaintext is the letter case (provided the password is no longer than the 14 characters LM covers). So there must be an easy way to get John to do the case permutations for you. I went into the configuration file, /etc/john/john.conf, to see if I could figure out how John's word mangling rules are written. I did not, but I discovered there is already a rule set for getting NT passwords from LM passwords. To use it, simply specify that rule set on the command line.
In sequence, I did this (assume the hashes are in a file called hashes):
time john --format=LM hashes (this took about two hours)
john --format=LM --show hashes | cut -d : -f 2 | sort | tail -n 5 > word.txt
time john --format=nt --rules=NT -w:word.txt hashes (this took less than 0.1 seconds).
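To make it concrete what the NT rule set is doing in that last step, here is an added example script (not code from the original post or from John the Ripper) that enumerates the same search space by hand: every case variant of a plaintext recovered from an LM hash. The script name nt_perms.sh, the function names and the sample input are my own; the only assumption about john is that the second field of `john --show` output is the cracked plaintext and that `--show` appends a "N password hashes cracked, M left" summary line.

```shell
#!/bin/sh
# Added example (not code from the original post): enumerate every case variant
# of a plaintext recovered from an LM hash. LM upper-cases the password before
# hashing, so for a password of at most 14 characters the NT plaintext is one of
# the 2^k strings produced here (k = number of letters). This is the search
# space john's NT rule set generates from the LM-cracked wordlist.

to_lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }
to_upper() { printf '%s' "$1" | tr 'a-z' 'A-Z'; }

# nt_candidates WORD: print all case variants of WORD, one per line.
# Variant number m has letter j upper-cased iff bit j of m is 1, so the first
# line is all lower-case and the last is all upper-case (the LM plaintext).
# Digits and symbols have no case and do not double the candidate count.
nt_candidates() {
    word=$1
    len=${#word}
    k=0
    i=1
    while [ "$i" -le "$len" ]; do
        c=$(printf '%s' "$word" | cut -c"$i")
        if [ "$(to_lower "$c")" != "$(to_upper "$c")" ]; then
            k=$((k + 1))
        fi
        i=$((i + 1))
    done
    total=1
    while [ "$k" -gt 0 ]; do
        total=$((total * 2))
        k=$((k - 1))
    done
    m=0
    while [ "$m" -lt "$total" ]; do
        out=""
        div=1
        i=1
        while [ "$i" -le "$len" ]; do
            c=$(printf '%s' "$word" | cut -c"$i")
            lower=$(to_lower "$c")
            upper=$(to_upper "$c")
            if [ "$lower" = "$upper" ]; then
                out="$out$c"
            else
                if [ $(( (m / div) % 2 )) -eq 0 ]; then
                    out="$out$lower"
                else
                    out="$out$upper"
                fi
                div=$((div * 2))
            fi
            i=$((i + 1))
        done
        printf '%s\n' "$out"
        m=$((m + 1))
    done
}

# expand_wordlist: read one LM plaintext per line on stdin (for example the
# second field of `john --show`) and print every case variant of each. Blank
# lines and the "N password hashes cracked, M left" summary that --show
# appends are skipped, so the hash count does not have to be known up front.
expand_wordlist() {
    while IFS= read -r w || [ -n "$w" ]; do
        case $w in
            ''|*' password hash'*) continue ;;
        esac
        nt_candidates "$w"
    done
    return 0
}

# Usage: sh nt_perms.sh WORD [WORD...]
# or, after `. ./nt_perms.sh`:
#   john --format=LM --show hashes | cut -d : -f 2 | expand_wordlist > word.txt
for w in "$@"; do
    nt_candidates "$w"
done
```

Feeding the resulting word.txt to `john --format=nt -w:word.txt hashes` with no rules at all gives the same result as the `--rules=NT` run above; the point of the script is only to show that the rule set is a plain 2^k case toggle, which is why the NT step finishes in a fraction of a second no matter how long the LM run took. Because `expand_wordlist` drops the summary line itself, it also avoids the `sort | tail -n 5` trick, which only works when the number of cracked hashes is known.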
No video this time, comment if there's a part you don't understand, and I'll break it down.