Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 13 Jan 2014 20:14:03 -0500
From: Rob Fuller <jd.mubix@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking MSChap v2

@RichRumble => The big deal for me is because I'm an ops guy. I worry about
useable, if the gun fires good enough to kill my enemy, it's good enough
for me. The fact that if I can get an NetNTLMv1 hash, no matter how long or
complex it is and in 23 hours with cloudcrack.com I can turn it into
something useable (pass the hash) is huge. Problem is, I have too many
legal and ethical concerns about submitting even a hash to an online hash
cracking tool that this removes it from my tool box since no tool out there
that I know of can "crack" it the same way cloud crack does.

I understand this isn't the traditional "cracking" to clear text, but it's
certainly a game changer on the attacker / offensive security front.


--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org


On Mon, Jan 13, 2014 at 7:14 PM, NRO <nro117gm@...il.com> wrote:

> I hope I'm not dumbing down the thread too much but: I got JTR Bleeding
> Jumbo installed and running and was able to enter the hash noted earlier in
> this thread. So far it's been running for 19 hours. So far no results and
> I'm not sure how to verify whether or not there is progress.
>
> Have hit enter to get status but it just shoes 0 guesses.
>
> > On Jan 13, 2014, at 3:48 PM, Pedro Worcel <pedro@...cel.com> wrote:
> >
> > Thanks for this, I enjoyed the read.
> >
> >
> > 2014/1/14 Rich Rumble <richrumble@...il.com>
> >
> >>> On Mon, Jan 13, 2014 at 5:54 PM, Rob Fuller <jd.mubix@...il.com>
> wrote:
> >>> Looked through the source and mailing list, but couldn't find it, has
> >> there
> >>> been any work on cracking NetNTLMv1 down to NTLM hashes?
> >>
> http://markgamache.blogspot.com/2013/01/ntlm-challenge-response-is-100-broken.html
> >>> https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/
> >> That blog post was grandstanding pure an simple, ntlmv1 has been
> >> broken well before that blog post, by plenty of others.Every cracker
> >> I've ever used broke the challange and the password, l0pht was first,
> >> cain is still good. I just re-read the post (I even have an old
> >> comment on it when it came out), I don't see what the fuss was about
> >> with that blog post, other than it got some attention, when reading it
> >> all I can think about is:
> >> http://www.quickmeme.com/it-is-known
> >> I believe there are patches for NetNTLMv1 in the Jumbo versions of JtR
> >> http://www.openwall.com/lists/john-users/2010/07/09/1
> >> https://www.google.com/search?q=site%3Aopenwall.com+netntlm
> >> -rich
> >
> >
> >
> > --
> > GPG: http://is.gd/droope <http://is.gd/signature_>
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.