Message-ID: <2589.84.188.210.30.1144290528.squirrel@www.jpberlin.de>
Date: Thu, 6 Apr 2006 04:28:48 +0200 (CEST)
From: rembrandt@...erlin.de
To: john-users@...ts.openwall.com
Subject: Re: new at this cracker business

> On Wed, Apr 05, 2006 at 10:06:41PM +0000, jay rubin wrote:
>> I decided I wanted to see how secure was my windows password. Without
>> getting into too much about all the missteps that I've taken I've
>> finally downloaded 1.7 + jumbo patch build for Win32 (1664 KB), by
>> thomas springer and pwdump2. I ran my SAM file through pwdump2
>
> Jay originally sent a similar question to me privately, but I asked that
> he post it to the list. ;-)
>
> Jay - it's a pity that you've omitted the "missteps" from this posting
> because they're still relevant. Basically, your grabbing the SAM file
> was a mistake - it would have been more straightforward to use one of
> the PWDUMP* tools (such as pwdump2 which you've downloaded) to dump the
> hashes to a text file.
>
> SAM files are much harder to process. John does not process SAM files
> directly. Moreover, recent versions of Windows encrypt hashes in the
> SAM with so-called SYSKEY - so you would need to grab that as well.
> That's a lot of complexity for no gain. Just don't do it.

Dear Solar,

If you had taken a look at bkhive you would have noticed that, if you also
have the system file where the SYSKEY is normally stored, you don't have to
crack SYSKEY from a SAM from a modern Windows. The encryption key is stored
in this system file, so it gets decrypted immediately. So if John were able
to do this, it could also convert the SAM like pwdump does.

The bkhive source is totally messed up, yes. But if you manage to compile it,
it really works, even if a plain and good C version would be better.

So SAMs are not that hard to handle, because MS provides you the key for the
SYSKEY encryption too. L0phtCrack does not get sold outside America anymore
because of fucked-up crypto laws. So I don't wonder why so many people start
to use John even for SAM files. But LC also provides a "real" brute force
against the SYSKEY encryption (without knowing the key).

Adding the bkhive and pwdump "features" would be a big step ahead (at least
for guys who also have to maintain Windows clients). That's just my opinion,
but I know that manpower is rare...

Kind regards,
Rembrandt
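The point Rembrandt makes (the SYSKEY boot key is recoverable from the SYSTEM hive, so a SAM dump only needs that second file rather than any cracking) can be shown concretely. The following is an added example written for this page, not code from the thread, from bkhive or from John the Ripper. It implements the boot-key assembly and the SAM "hashed boot key" derivation used by bkhive/samdump2-style tools for the pre-AES SAM layout of the Windows versions current in 2006 (the class names of the JD, Skew1, GBG and Data subkeys, a fixed 16-byte permutation, then MD5 and RC4 over the SAM F value). Registry hive parsing is deliberately left out: the four class-name strings and the F blob are taken as already-extracted inputs, and the sample class names and the F blob below are constructed here so the script runs offline. The checksum check at the end is what makes the wrong boot key detectable, which is exactly why the SYSTEM hive is needed alongside the SAM.

```python
"""Boot key (SYSKEY) assembly and SAM hashed-boot-key derivation, pure Python.

Added example for the john-users thread above; not bkhive's or John's code.
Assumes the pre-AES SAM format: 16-byte salt at F[0x70:0x80], RC4-encrypted
hashed boot key at F[0x80:0xa0].  Inputs are taken as already extracted from
the hives; the sample data at the bottom is constructed for this example.
"""
import hashlib

# Subkeys under HKLM\SYSTEM\ControlSet00N\Control\Lsa, read in this order.
# Their *class names* (not their values) each hold 8 hex characters.
LSA_KEY_ORDER = ("JD", "Skew1", "GBG", "Data")

# Fixed byte permutation applied to the 16 concatenated class-name bytes.
BOOTKEY_PERMUTATION = (8, 5, 4, 2, 11, 9, 13, 3, 0, 6, 1, 12, 14, 10, 15, 7)

# Fixed strings mixed into the MD5 inputs (NUL-terminated, as in the SAM code).
AQWERTY = b"!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%\0"
ANUM = b"0123456789012345678901234567890123456789\0"


def bootkey_from_classnames(classnames):
    """classnames: {"JD": "...", "Skew1": "...", "GBG": "...", "Data": "..."},
    each an 8-character hex string as read from the SYSTEM hive.
    Returns the 16-byte boot key."""
    scrambled = bytes.fromhex("".join(classnames[k] for k in LSA_KEY_ORDER))
    if len(scrambled) != 16:
        raise ValueError("expected 16 bytes of class-name data")
    return bytes(scrambled[p] for p in BOOTKEY_PERMUTATION)


def rc4(key, data):
    """Minimal RC4; symmetric, so rc4(k, rc4(k, x)) == x."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def hashed_bootkey_from_F(F, bootkey):
    """Decrypt the 32-byte hashed boot key from the SAM\\Domains\\Account F value.
    Returns it, or None when the embedded MD5 checksum fails (wrong boot key)."""
    rc4_key = hashlib.md5(F[0x70:0x80] + AQWERTY + bootkey + ANUM).digest()
    hbk = rc4(rc4_key, F[0x80:0xA0])
    check = hashlib.md5(hbk[:16] + ANUM + hbk[:16] + AQWERTY).digest()
    return hbk if check == hbk[16:] else None


def build_sample_F(bootkey, salt=b"\x11" * 16, secret=b"\x42" * 16):
    """Constructed test data: forge an F blob whose encrypted hashed boot key
    decrypts to `secret` plus a valid checksum under `bootkey`.  Real F values
    are longer and carry domain policy fields; only 0x70..0xa0 matter here."""
    hbk = secret + hashlib.md5(secret + ANUM + secret + AQWERTY).digest()
    rc4_key = hashlib.md5(salt + AQWERTY + bootkey + ANUM).digest()
    return b"\0" * 0x70 + salt + rc4(rc4_key, hbk)


# Constructed class names (hex of 0x00..0x0f) so the permutation is visible.
SAMPLE_CLASSNAMES = {"JD": "00010203", "Skew1": "04050607",
                     "GBG": "08090a0b", "Data": "0c0d0e0f"}

if __name__ == "__main__":
    bk = bootkey_from_classnames(SAMPLE_CLASSNAMES)
    print("boot key:        ", bk.hex())
    F = build_sample_F(bk)
    print("hashed boot key: ", hashed_bootkey_from_F(F, bk).hex())
    print("with wrong key:  ", hashed_bootkey_from_F(F, b"\0" * 16))
```

On a real system the class names come from the SYSTEM hive and F from the SAM hive; the per-user NT/LM hashes are then unwrapped with a further MD5/RC4 step keyed by the hashed boot key and the user's RID, followed by two DES operations, which this example does not cover. The checksum comparison is the practical test of whether the SYSTEM file you grabbed actually belongs to that SAM.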