Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 12 May 2009 10:25:17 -0500
From: jmk <>
Subject: Re: Cracking Metasploit SMB stuff...

On Fri, 2009-04-24 at 15:44 -0300, wrote:
> Hey list, i'm trying to crack this:
> Captured DOMAIN\user
> LMHASH:8885a28be8a72ca650bd65069ca4a3f4a5de1c918778d28f
> NTHASH:3a948718e031f88063d9925152ab2b5e010100000000000005f1c89ff1c4c901a5de1c918778d28f00000000020000000000000000000000
> OS:Windows 2002 Service Pack 3 2600 LM:Windows 2002
> 5.1
> i dont know which format should i use this time... i've already read all the
> _fmt.c but with no luck... any ideas? i know the cleartext password, if it
> can help tell me... thanx a lot.


I'm a bit rusty on this, but here goes... 

What you have there should be a LMv2 and a NTLMv2 challenge/response.
The John "NETLMv2" format can perform a brute-force crack against the
LMv2 set. The first 16 bytes of your "LMHASH" value should be the client
response and the next 8 are its challenge. You will also need the server
challenge issued by Metasploit, which I'm assuming was 1122334455667788.
The format of the file should then be as follows:


Using your data, you have:



To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.