Date: Sun, 20 Sep 2015 19:07:40 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: best setup to crack format nt or nt2

On Sun, Sep 20, 2015 at 4:35 PM, Patrick Proniewski <patpro@...pro.net> wrote:
> I'm going to dump Active Directory accounts (2008 R2), convert to some kind of GECOS format and launch John on the resulting file.
http://openwall.info/wiki/john/hash-formats
username:nt_hash_here is a very simple format, but using the usernames
as a dictionary can be beneficial, you should try -single crack mode
first, it should use the usernames (and anything you put
"artificially" in a GECOS field).
> I've made some tests already: LM hash is unused, the other hash is recognized as nt and nt2. Is there any difference between those two formats? Apparently, I can use either --format=nt or --format=nt2 with same results.
http://www.openwall.com/lists/john-users/2012/11/15/12
> I would like to run John for 24 hours on a decommissioned blade server, so I got 8 cpu cores, and lots of RAM, no GPU at all. What would be the best way to use most of this hardware? If I'm not mistaken, nt/nt2 can't get OpenMP benefits, so I could have to split the password file into 8 chunks, or use fork, or any other parallelism setup.
NT is "fast", and as of now OpenMP will not be of benefit for this format,
http://openwall.info/wiki/john/parallelization
Fork, however, will help reduce the work by 8 :)  Have a look at
this cheat sheet for attacks you may want to try:
https://countuponsecurity.files.wordpress.com/2015/06/jtr-cheat-sheet.pdf
Or my article here:
https://xinn.org/blog/JtR-AD-Password-Auditing.html (needs updating a
bit, fork is fixed now)
-rich
