Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <443661B6.9050607@gmail.com>
Date: Fri, 07 Apr 2006 13:57:26 +0100
From: Hari Sekhon <harisekhon@...il.com>
To:  john-users@...ts.openwall.com
Subject: Re: WINDOWS 2000 off line

you need to patch john with the cache hash support and then pass the 
parameter format=mscash (I made the mistake to spelling this properly 
when I was first trying to do this and it doesn't work to say mscache, 
it has to be mscash - a M$ joke?).

anyway, you can just get the jumbo patch, it has the cash/cache format 
support it in.

By the way, could anybody tell me the algorithm etc that mscash is 
using? I think it was DES 32 or something...

maneesh kohli wrote:
> Thanks for this much information....
> Yes, I have been able to get user soecific information usin cachedump..
> like
> s_gupta:8F51A631FA41E3E7C74A64859C04D2E4
>
>
> I know the pwd for this hash, but even if I put this pwd in wordlist
> and run JTR in wordlist mode it is not able to crack it.
>
> How to use this information with JTR to get the pwd???
>
>
> On 4/7/06, Hari Sekhon <harisekhon@...il.com> wrote:
>   
>> the account is probably a domain one so you need to use cachedump
>> instead of pwdump.
>>
>> maneesh kohli wrote:
>>     
>>> Even I am facing the same problem....
>>>
>>> When I run pwdump4 on my local machine (Service Pack 4, Workstation) I
>>> do not get hash for my password, though it lists the hash for
>>> administrator's password. This is strange.
>>> Please help in sorting out this problem.
>>>
>>> Thanks
>>>
>>>
>>> On 23 Mar 2006 21:34:57 -0000, madfran <madfran@....alias.net> wrote:
>>>
>>>       
>>>> Hi,....
>>>>
>>>> I have some curiosity.
>>>>
>>>> The situation :
>>>> - Laptop DELL
>>>> - Windows 2000 Service Pack 4
>>>> - I have Administrator rights in this machine
>>>> - When I am in my office I connect to the network over domain authority
>>>> - When I am outside without network I start my laptop with the same user and
>>>>  password  ==> My password (or hash) is stored in my laptop
>>>>
>>>> The problem (or curiosity) :
>>>> - I run CAIN and try to discover my user identification in my laptop
>>>>  ==> not luck ! I see Administrator (for example) but not my identification
>>>> - I run LC5 (l0phtcrack) and I import hash from local machine
>>>>  ==> not luck ! All hash (included Administrator) but not my password hash
>>>> - I run cachedump
>>>>  ==> same results
>>>> - I run pwdump (version 6) against my laptop
>>>>  ==> I see more user ! (one is Administrator_history_0), but I don't see my
>>>>      user identification.
>>>>
>>>> Questions (only two) :
>>>> - Wicht is the system to see my own user (user and password hash) ?
>>>> - Why I see more user with pwdump than CAIN, LC5 or cachedump ?
>>>>
>>>> madfran
>>>>
>>>> --
>>>> To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
>>>> to the automated confirmation request that will be sent to you.
>>>>
>>>>
>>>>
>>>>         
>>>       
>>     
>
>   

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.