Thursday, May 31, 2012

From LM to NTLM passwords in John the Ripper

so you dump some passwords from a machine and you see it contains LM and NTLM hashes. obviously LM is quicker to crack so you go for that one first and it gives you the uppercase plaintext password:
./john --format=lm /root/hashes

which provides the plaintext uppercase password "KITTENBOOTIES". Great, now we need the real password, the one with upper/lower cases. we do this easily by supplying the "KITTENBOOTIES" password as the wordlist (with mangling) to john again. so do this:
echo KITTENBOOTIES > wordlist1
./john -rules --format=nt /root/hashes --wordlist=wordlist1
This will output the proper password of "kiTTenBooTiES"


No comments:

Post a Comment