Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 11 Nov 2011 21:46:23 -0500
From: Philippe Ouellet <>
To: "" <>
Subject: Re: NTLM challenge/response cracking (again...)

I've had issues with captured challenge response hashes. Here is some additional info that helped me with formatting.

On 2011-11-11, at 5:16 PM, rootkit rootkit <> wrote:

> On Fri, Nov 11, 2011 at 6:29 PM, magnum <> wrote:
>>> Information on this topic are very difficult to find. At the beginning
>>> I was thinking about generating rainbow tables for each different
>>> CHALLENGE, but that would be really too much.
>> It would miss the whole point of rainbow tables. In short, if you do not
>> already have the tables, cracking with JtR will be quicker.
> True. At the time I didn't know john could crack it (or better, I
> didn't know I needed the jumbo patch).
>>> However there's something I don't understand: does the NETLM cracking
>>> work only if the challenge is 1122334455667788? Would it work for any
>>> challenge?
>> JtR works for any challenge. That particular challenge stems from some
>> old public attacks where the challenge was forced to this value, thereby
>> making the salt (challenge) "worthless".
> That was more or less my guess, thanks for confirming.
>> And, because of this, I'm
>> pretty sure there are rainbow tables for that very challenge.
> Yes, I have seen some around.
>> Like Solar said, post some example hashes. It should work if you do it
>> right - at least if you run JtR version 1.7.7-jumbo-5 or newer. Earlier
>> versions had a variety of shortcomings and was also substantially slower
>> for these hashes.
> Done in the other post.
> Thanks for your answer magnum.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.