Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <1271266893.17363.54.camel@localhost>
Date: Wed, 14 Apr 2010 12:41:33 -0500
From: jmk <jmk@...fus.net>
To: john-users@...ts.openwall.com
Subject: Re: NTLMv2 Challenge/Response Cracking

On Tue, 2010-02-16 at 13:53 +0300, Solar Designer wrote:
> Maybe we should include more of your stuff into the jumbo patch -
> perhaps create a subdirectory under doc/ and place your patches to other
> tools in there, with a text file explaining their use along with JtR.
> What do you think?  If you agree, then can you please prepare a "patch"
> like this (to be applied on top of 1.7.4.2-jumbo-3)?
> 
> My concern is that right now your "formats" integrated into the jumbo
> patch are of little use on their own (or am I wrong?)  One has to obtain
> other stuff from your website and figure out how to use it along with
> jumbo-patched JtR.

I apologize for taking so long to respond to this.

I believe that the included formats (i.e. NetLM, NetNTLM, NetLMv2,
NetNTLMv2) are useful without any of my other scripts/patches. These
challenge/response pairs can be extracted from a variety of places
(Ettercap, CAIN, MetaSploit, Wireshark, etc.). They also relate to a
number of different protocols (SMB authentication, MSCHAP in
LEAP/EAP-PEAP/PPTP, etc.). That said, their use will probably be limited
to a small number of very focused penetration testers.

I've uploaded a patch and added a link on the Wiki to hopefully improve
what's currently there of mine. The patch adds some documentation
related to the challenge/response formats, attempts to address your
concerns with the netntlm.pl script and includes a "--config" option for
John.

I've also uploaded a minor tweak for the Oracle format. I found that
"john -format:oracle -show" wasn't returning the cracked passwords. This
should correct that issue.

Please let me know if this is what you had in mind.

Thanks,
Joe  

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.