Re: [Full-disclosure] Best way to crack NT passwds

From: 3APA3A (3APA3A_at_SECURITY.NNOV.RU)
Date: 07/30/05

  • Next message: Paul Farrow: "Re: [Full-disclosure] Best way to crack NT passwds" 
    Date: Sat, 30 Jul 2005 13:24:51 +0400
To: X u r r o n <xurron@gmail.com>

    Dear X u r r o n,

    You needn't actually crack the password if you know your hash, because
    cleartext password is never used in Windows environment. You could apply
    this patch to md4.c from Samba distribution:

    --- md4.c.orig 2004-04-04 11:37:00.000000000 +0400
      +++ md4.c 2004-10-27 23:01:31.000000000 +0400
      @@ -130,6 +130,21 @@
              C = 0x98badcfe;
              D = 0x10325476;
      +
      + if(n == 64){
      + int j;
      + unsigned char * hexd = (unsigned char *)"0123456789ABCDEF";
      + for(j = 0; j<16; j++){
      + if(!strchr(hexd, in[(j<<2)]))break;
      + if(in[(j<<2)+1])break;
      + if(!strchr(hexd, in[(j<<2)+2]))break;
      + if(in[(j<<2)+3])break;
      + out[j] = ((strchr(hexd, in[(j<<2)]) - (char *)hexd)<<4);
      + out[j] ^= (strchr(hexd, in[(j<<2)+2]) - (char *)hexd);
      + }
      + if(j == 16) return;
      + }
      +
              while (n > 64) {
                      copy64(M, in);
                      mdfour64(M);

    And change your password with Samba utilities by entering NT password
    hash (in HEX) instead of password then prompted.

    --Saturday, July 30, 2005, 12:15:47 PM, you wrote to full-disclosure@lists.grok.org.uk:

    Xurron> hiya!
    Xurron> I have tried many softwares for cracking NTLM hashes, like NC4,
    Cain and have't tried Rainbow Crack yet.
    Xurron> Once i had to recover my XPs lost admin password and i spend
    around 1 day but Cain/NC4 were not able to guess that. Then i posted
    that hashes on some site and it did recover my passwd in around 5min. I
    want to know which technique they used to crack so fast ?

    Xurron> Xurron 

    -- 
~/ZARAZA
http://www.security.nnov.ru/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
  • Next message: Paul Farrow: "Re: [Full-disclosure] Best way to crack NT passwds"

    Relevant Pages

    • Re: Cracking Ettercap Generated hashes
      ... What you have there are the challenge/response hashes. ... You can crack ... i got a hash through Ettercap(ARP ... Chief Information Security Officer ...
      (Pen-Test)
    • Re: Craking Serv-u passwords stored in .ini file.
      ... let me say that I ran across Lepton's crack about a year ... > 1) hash the password, with or without prepending the salt, doesn't matter. ... > 4) append the salt to the last hash if you like, but I don't see any particular reason to do so ...
      (Pen-Test)
    • reversing hash ?
      ... Looking for a solution to crack a javascript hash coded string! ... I'm not active in informatics professionally but I do some programming in my ... Could anyone tell me how I could crack this code? ...
      (sci.crypt)
    • Re: Vigenere style One time pad?
      ... >> since everyone is so sure that it's so remarkably easy to crack a ... Don't think Jim does, either. ... Hash: SHA1 ...
      (sci.crypt)
    • Re: [Full-disclosure] Cracking the entire set of DES-based crypt(3) hashes. Interested ?
      ... hash to crack? ... Anonymity hosted outside the US would be an expected criteria. ... Email solutions, MS Exchange alternatives and extrication, ...
      (Full-Disclosure)