DumpCache

[FlamingPacket]

Just wondering if anyone has successfully used this tool. I grabbed 4 or 5 hashes off of a machine. I'm trying to import into a pw cracker, but most progs aren't recognizing it. I'm using John on it right now, but its been running for over a week and hasn't turned up anything yet. Just wondering if anyone uses this tool, and has some tips...

[RogueSpy]

A week and nothing? Must be some heavy duty pw's

[Striek]

I'm not sure I understand the problem. You are asking about the usefulness of DumpCache, but your problem is that John hasn't found anything yet?

So is the question about John or DumpCache?

My suggestion is to make a bogus account or two on your machine with easy to break passwords, and then run whatever set of tools you are using to make sure that they can in fact properly crack them. Maybe you forgot a module for john or something.

Then again, maybe they're just strong passwords.

Why exactly are you doing this and on whose computer anyway?

[FlamingPacket]

Why exactly are you doing this and on whose computer anyway?

It's work related... (work being the govt.)



The issue I'm having is that most crackers aren't recognizing the format that dumpcache spits out. John seems to be the only one so far. And I'm aware that the stronger the pw is, the longer it will take. I've got a quad-xeon working on it...

Anywho, I like your idea of creating bogus accounts with weak passwords just to test. I think I'll try that now... just to make sure John is actually recognizing the file.

[RogueSpy]

Have you tried Lopht Cracker?

[wiskic10_4]

hrmm...

Seems I recall something like this happening when I used pwdump2 to dump some hashes from a Win 2K server... Cesillia didn't recognize it as a valid hash, nor did another cracker (I can't remember which), but JtR cranked on it... However, I gave up and killed it after a day and a night... However, the hashes were from passwords much longer than 14 characters (around 30 chars or so), which means (if memory serves) that some bug in Win2K prevents them from being stored correctly, and thus, generates "bad" hashes... I'll check back on that w/ an edit in a few...

So, I guess the question is - will JtR crank on bad hashes???

-Wiski

EDIT: bah - seems I'm mistaken... Apparently before SP4, Win2K would truncate passwds down to 14 characters... but the resulting hash was still valid...
http://www.windowsecurity.com/pages/..._p.asp?id=1380
However - I wonder why JtR would recognize these hashes as valid when Cesillia and the other (*still* can't remember which) would not... most mysterious... :???

[FlamingPacket]

Originally posted here by RogueSpy
Have you tried Lopht Cracker?

Yup, that's what I tried first. Then cain, now JtR

[Irongeek]

Do you mean Cahedump? I've used it and it work fine if the password is simple enough or you have a lot of time.

[FlamingPacket]

Originally posted here by Irongeek
Do you mean Cahedump? I've used it and it work fine if the password is simple enough or you have a lot of time.

I did mean CacheDump... haha, thanks!

[Irongeek]

I have a few tutorials on it. On my site, more than likely the passwords you are trying to bread on rather complex. If you run a bruteforce with Cain it should tell you how long to run though the keyspace, if it's a few thousand years I would just give up.