Windows SAM Encryption
Results 1 to 6 of 6

Thread: Windows SAM Encryption

  1. #1
    Junior Member
    Join Date
    Sep 2003
    Posts
    4

    Windows SAM Encryption

    How is it possible to tell if the LANman plaintext password security hole has been fixed and also how is it possible to tell what sort of encryption is being used MD4, MD5 when using samdump to get password hashes. Will John the ripper try to crack MD4 system passwords or will it give some sort of error message? also what service pack does MD4 come as standard with because i have been having problems trying to nail a service pack 3 SAM password i have dumped the hashes by a method i am not even going to go into (My good God it took some time) and i know the password is at least 7 letters long anyone any idea how long the cracking of this could take i did some calculations at 1,000,000 try's a second (Jack the Ripper) it could take about 34 days anyone got any real experience of how long this is gunna take?

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    134
    Well just off the top of my head I noticed that this site wasn't about teaching people how to get people's passwords, etc... You own this box? Doesn't seem like it... Why do you want this password so bad?... I'd suggest you delete the post or clarify your problem before too much time passes
    Reality is the one who has it wrong, not you

  3. #3
    Senior Member
    Join Date
    May 2003
    Posts
    472
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    872

    Thumbs up Cain&Abel

    LC4 is now commercial and you have to pay for it (yuk).

    Use Cain & Abel, and support the freeware movement revolution, Hoo-rah!

    Get Cain&Abel here: http://www.oxid.it
    ...This Space For Rent.

    -[WebCarnage]

  5. #5
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    If you want to see if a machine is running LANMAN authentication,its in the registry, I think it varies from NT to 2000/XP but in 2k and XP in can be set in local security policy>security settings>local policies>security options Lanman auth level. I believe the levels are 1-5 in the registry. If youre not on the box but on the network you could also attempt a LANMAN authentication and sniff the exhange. I think the LM is some mickey mouse encryption and the NTLM is MD4 and NTLMv2 is MD5 (I'm not sure about those though)


    -Maestr0

    EDIT: I dont know if LC4 will do NTLMv2, I dont think so, if thats what your trying to crack it probably isnt going to happen the v2 is alot better than the previous incarnations which were pretty easy.


    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  6. #6
    Junior Member
    Join Date
    Sep 2003
    Posts
    4

    cheers Maestr0

    thanks maestro its nice to get a reply to my question, i don't usualy use forums because i usualy end up on some stupid tangent to my original question. Who cares why i want to know or what i am doing? by the way md4 and md5 encryption is hard to crack and all you people who think SAM security is gunna stay nice and simple are wrong the new ntmlv2 is 128 bit and with md4 encryption instead of the lanman storing all charecters as capitals and thus making cracking easy, md4 and md5 store both upper and lower case characters making passwords more difficult, also lanman stored passwords over 7 charecters in two blocks of 32bits giving you two sections of easily crackable (or at least possible to crack) blocks of 7, md4 however doesn't split into these blocks and stores the password whole, meaning if the password lets say is 14 characters using john the ripper this could take 170,000 years to crack. cryptoanalysis anyone?

    i don't like LOPHT crack because after you have dumped hashes in the readily available version it won't try and crack the admin password which, lets face it, is adament to the integrity of the network. The Box i am using is my own and i am trying to find ways of getting into it because , well, i've got nothing better to do befoer i go back to uni

    cheers for the info

    audio_head

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •