Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20100709032508.GA16093@openwall.com>
Date: Fri, 9 Jul 2010 07:25:08 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: LM and NTLM C/R cracking

Hi,

Here's an example of how LM and NTLM challenge/response pairs may be
processed with John the Ripper with the jumbo patch applied, using
sample C/R pairs from this recent blog post:

http://carnal0wnage.attackresearch.com/node/427
http://carnal0wnage.blogspot.com/2010/07/revisiting-halflm-stuff.html

I formatted the input file as follows:

ADMIN:::59DE5D885E583167C3A9A92AC42C0AE52F85252CC731BB25:5ADA49D539BD174E7049805DC1004925E25130C33DBE892A:1122334455667788
ADMIN:::40305B22075D6000D0508D9AD1F7BEB02F85252CC731BB25:337C939E66480243D1833309B8AFE49A81FE4C5E646BF00A:1122334455667788
ADMIN:::DAF3570C10ED2817C3D8A05D69F9EF292F85252CC731BB25:D3FB390BAC5D152F7A394466FBEF686E275D05B99C0A115E:1122334455667788
ADMIN:::76365E2D142B5612980C67D057EB9EFEEE5EF6EB6FF6E04D:727B4E35F947129EA52B9CDEDAE86934BB23EF89F50FC595:1122334455667788
ADMIN:::D737AA8F95CE38359CAB5D8A2519C4B92F85252CC731BB25:0624A3F7D457C54B163C641DBF4B7963548EF1C5D0397CBF:1122334455667788
ADMIN:::0E89A68D07E315C6035E82B757B955882F85252CC731BB25:58F2D720179B4A38A0523E02AEF0D41DACCCD6577EAA943C:1122334455667788
ADMIN:::AA9436C1D40CB53F3E7A20091C4B931C2F85252CC731BB25:8AC45ACDBD60F2FAD3081ECF005536EFA6009C21CA5FAF36:1122334455667788
ADMIN:::DCE867F0CB638DB2DBCC3576A52DC4612F85252CC731BB25:8990B33DAC65C5EF75073829894B911A983C1E260FBD1097:1122334455667788
ADMIN:::6F9D851D74C8A095C9DF672A1554BEBC2F85252CC731BB25:89953DE6F957B7DB5FE664D23AF3DE41DD38F5EC0A4A6EB0:1122334455667788
ADMIN:::CC96CC93B4DC9B7582273227FD61A5952F85252CC731BB25:76D3C3DEB0BB8EF1A1E41AB6A3F6C686A321CE016C624567:1122334455667788
ADMIN:::CC96CC93B4DC9B754DB66776827758D30B7892EEF2E3F2BC:DF58AE0F786BECC11BE11034DC53B21BDF1D73579AF868D1:1122334455667788
ADMIN:::DE5D1D85DAF6593D0A09FF32049013AB2F85252CC731BB25:526471D8C4A0ECC8AF05851804EA8FDD26848FA3CCC63152:1122334455667788
ADMIN:::B8489EDEE1058B43F3CE0F0ABE5A16872F85252CC731BB25:57B9C47A75335692F60E787E41CD16A292A21BC667B3FD02:1122334455667788
ADMIN:::2B6B134AF8D48F2A972BFF5660420D582F85252CC731BB25:5018402148E15A8D77CB22DD46F1449A2791416B73EE9C3D:1122334455667788
ADMIN:::BB49AEFD51ED0DCCD5BE291BD33BE3052F85252CC731BB25:C9B255750BD88AC72E03ADAFDA261E62618C943F7D59DAF5:1122334455667788

First, attack the "NETLM" "hashes" (case insensitive):

host!solar:~/john/john-1.7.6-jumbo-4/run$ ./john --format=netlm pw-netntlm
Loaded 15 password hashes with no different salts (LM C/R DES [netlm])
ADMIN            (ADMIN)
PASSWORD         (ADMIN)
1234             (ADMIN)
123              (ADMIN)
ASDFGH           (ADMIN)
1                (ADMIN)
000000           (ADMIN)
00000000         (ADMIN)
guesses: 8  time: 0:00:00:01 (3)  c/s: 1306K  trying: BETEMOR
12               (ADMIN)
ROOT             (ADMIN)
guesses: 10  time: 0:00:00:04 (3)  c/s: 1994K  trying: MELACCT
00               (ADMIN)
0000             (ADMIN)
guesses: 12  time: 0:00:00:07 (3)  c/s: 1920K  trying: KH6869
000              (ADMIN)
0000000          (ADMIN)
guesses: 14  time: 0:00:00:19 (3)  c/s: 1281K  trying: CESKET1

Now let's try "NETNTLM" (case sensitive):

host!solar:~/john/john-1.7.6-jumbo-4/run$ ./john --format=netntlm pw-netntlm
Loaded 15 password hashes with no different salts (NTLMv1 C/R MD4 DES [netntlm])
ADMIN            (ADMIN)
password         (ADMIN)
1234             (ADMIN)
123              (ADMIN)
asdfgh           (ADMIN)
1                (ADMIN)
000000           (ADMIN)
00000000         (ADMIN)
guesses: 8  time: 0:00:00:01 (3)  c/s: 1306K  trying: sadie
12               (ADMIN)
root             (ADMIN)
guesses: 10  time: 0:00:00:03 (3)  c/s: 2371K  trying: phdigh
0000             (ADMIN)
00               (ADMIN)
guesses: 12  time: 0:00:00:06 (3)  c/s: 2296K  trying: rh3gap
000              (ADMIN)
guesses: 13  time: 0:00:00:09 (3)  c/s: 2033K  trying: gte2g
0000000          (ADMIN)
guesses: 14  time: 0:00:00:19 (3)  c/s: 1626K  trying: mbblum

As you can see, either gets to 8 guesses in 1 second, and to 14 (out of
15 total) in under 19 seconds (the status line was displayed when I
pressed a key; the actual guess occurred a bit earlier).  It is also
possible to go from known case insensitive passwords (cracked from NETLM
hashes) to "crack the case" (from the NETNTLM hashes) nearly instantly,
but this was not required in this case (we got to the same 14 hashes
cracked quickly with a direct attack on NETNTLM as well).  All of this
was with JtR's default settings.

Rainbow tables may be hot, but other approaches are viable as well,
especially when the number of hashes or C/R's to audit is large (with
rainbow tables, the attack time is per-hash, but with JtR the attack is
against all hashes at once).

I hope someone will find this helpful.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.