Message-ID: <CAP-=ew3z1sKfkO--W+6TLXPLK0FNO=mpq8h5xHnq3Aj=AgjnbA@mail.gmail.com>
Date: Tue, 14 Jan 2014 09:15:47 -0500
From: Rob Fuller <jd.mubix@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking MSChap v2

@Rich I completely agree about WCE and Mimikatz; both are amazing tools and clear text is great. However, both tools require code execution and administrator / SYSTEM access on a machine to do this. Gaining NetNTLMv1 hashes is MUCH easier to achieve using tools like Responder or other WPAD/NBNS/LLMNR tools.

@magnum those are amazing speeds. Are you saying that JtR jumbo already does NetNTLMv1 => NTLM via DES hack/bypass/brute (not sure what the right word is)?

Finally, I totally agree that JtR is a "weak password finder". It's the same answer I got from the hashcat team (I think it was Atom, but it was a while ago that I asked; I just re-asked in their channel yesterday as well). But honestly I have nowhere else to go to ask for this. The JtR and Hashcat teams would be the only people who could accomplish a feat like this for the public security community.

-- 
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org

On Tue, Jan 14, 2014 at 8:24 AM, Rich Rumble <richrumble@...il.com> wrote:
> On Tue, Jan 14, 2014 at 7:25 AM, Richard B. Tilley <brad@....us> wrote:
> > Rich,
> >
> > I agree with your assessment and have seen these tools in use by bad
> > guys on networks. Mimikatz can dump domain credentials, too, if a user has
> > authenticated to the machine (where Mimikatz is running) using domain
> > credentials. If a domain or enterprise admin authenticates, the rest is
> > history.
> >
> > That's all I had. Hope this is not too off-topic for john-users. My
> > apologies if it is.
> Bottom line is JtR doesn't bruteforce or strip the elements off the
> challenge response like CloudCracker can and leave you with just the
> hash. Since JtR has its roots in weak password finding, and NTLM is
> very fast, you could potentially recover the plain-text password in a
> reasonable amount of time rather than "pass the hash". Someone on here
> I'm sure could create a patch; JtR arguably has the fastest DES code
> out there, so maybe this could be a patch for JtR. I think this was a
> good discussion and JtR appropriate. It almost sounds like you could
> script the task, but I'm no programmer so I'm probably way off on that
> :)
> -rich
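The "NetNTLMv1 => NTLM via DES" reduction the thread keeps circling is a property of how the NTLMv1 response is built, and it is easiest to see in code. The Go program below is an added example, not code from this thread, from John the Ripper or from CloudCracker: it builds a NetNTLMv1 NT response from an NT hash and a server challenge using Go's standard crypto/des, then shows the cheap half of the "strip the elements off the challenge response" idea. The 16-byte NT hash is padded with five zero bytes and cut into three 7-byte DES keys, so the third key has only two unknown bytes and its 2^16 candidates are exhausted instantly, handing back bytes 14 and 15 of the NT hash for free; the first two blocks each still require a full 2^56 DES key search, which is exactly where fast DES code matters. The NT hash and challenge in main() are the inputs of the MS-NLMP specification example ("Password", challenge 0123456789abcdef); the function names are this example's own.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// desKeyFrom7 expands a 7-byte (56-bit) key chunk into the 8-byte form DES
// wants: 7 key bits per byte in the high bits, with the parity bit (bit 0,
// ignored by crypto/des) left zero.
func desKeyFrom7(k7 [7]byte) []byte {
	var bits uint64
	for _, b := range k7 {
		bits = bits<<8 | uint64(b)
	}
	key := make([]byte, 8)
	for i := 7; i >= 0; i-- {
		key[i] = byte(bits&0x7f) << 1
		bits >>= 7
	}
	return key
}

// desEncrypt8 encrypts one 8-byte block under a 7-byte key chunk.
func desEncrypt8(k7 [7]byte, block [8]byte) [8]byte {
	c, err := des.NewCipher(desKeyFrom7(k7))
	if err != nil {
		panic(err) // only possible on a wrong key length, which the types rule out
	}
	var out [8]byte
	c.Encrypt(out[:], block[:])
	return out
}

// ntlmv1Response computes the 24-byte NetNTLMv1 NT response: the 16-byte NT
// hash is padded with 5 zero bytes to 21 bytes, split into three 7-byte DES
// keys, and each key encrypts the same 8-byte server challenge.
func ntlmv1Response(ntHash [16]byte, challenge [8]byte) [24]byte {
	var padded [21]byte
	copy(padded[:], ntHash[:]) // bytes 16..20 stay zero
	var resp [24]byte
	for i := 0; i < 3; i++ {
		var k7 [7]byte
		copy(k7[:], padded[7*i:7*i+7])
		block := desEncrypt8(k7, challenge)
		copy(resp[8*i:], block[:])
	}
	return resp
}

// thirdBlock returns the third DES block (bytes 16..23) of a 24-byte response.
func thirdBlock(resp [24]byte) [8]byte {
	var b [8]byte
	copy(b[:], resp[16:])
	return b
}

// recoverNTHashTail inverts the third block. Its key is NT[14..15] followed
// by five zero bytes, so only 2^16 keys are possible and the last two bytes
// of the NT hash fall out in milliseconds. Blocks one and two each still
// need a 2^56 DES key search to recover the other 14 bytes.
func recoverNTHashTail(challenge [8]byte, third [8]byte) ([2]byte, bool) {
	for guess := 0; guess < 1<<16; guess++ {
		k7 := [7]byte{byte(guess >> 8), byte(guess)} // trailing 5 bytes are zero
		if desEncrypt8(k7, challenge) == third {
			return [2]byte{byte(guess >> 8), byte(guess)}, true
		}
	}
	return [2]byte{}, false
}

func main() {
	// Inputs taken from the MS-NLMP example vectors: NT hash of "Password"
	// (MD4 of its UTF-16LE encoding) and server challenge 0123456789abcdef.
	// MS-NLMP lists 67c43011f30298a2ad35ece64f16331c44bdbed927841f94 as the
	// NT response for these inputs.
	raw, _ := hex.DecodeString("a4f49c406510bdcab6824ee7c30fd852")
	var nt [16]byte
	copy(nt[:], raw)
	challenge := [8]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}

	resp := ntlmv1Response(nt, challenge)
	fmt.Printf("NetNTLMv1 response: %x\n", resp)

	tail, ok := recoverNTHashTail(challenge, thirdBlock(resp))
	fmt.Printf("recovered NT hash bytes 14..15: %x (found=%v, expected %x)\n",
		tail, ok, nt[14:])
}
```

With Responder-style captures the attacker holds the challenge and all three blocks, so the tail recovery above runs on the spot; the remaining two blocks are where a DES brute-forcer of the kind discussed in this thread would have to do the work, and what comes out is the NT hash itself, i.e. a pass-the-hash credential rather than a guessed password.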