john the ripper
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: john the ripper

  1. #1
    Banned
    Join Date
    Jul 2006
    Posts
    12

    john the ripper

    after three days of testing i have concluded that it is impossible to 'audit' a 6 or above lenght password using john 1.6.37(with mscash)

    my machine runs at 1million c/s.....even at that rate it will take me like 9 days (with john's 'all incremement mode')

    (((96^6)/1million)/(60x60x24)) = 9 days

    i tried the session feature and it is slow.......if i run anything else it slows down to 10k/s which is impossible and resuming a session will resume at 10k/s instead of 1mill when nothing is running.

    here is what i need...so plz help me out

    john 1.7.0 with the mscash plugin (i downloaded the win compiled 1.6.8 version frokm this forum)

    a lesson about salts in jtr......

    how to increase the c/s in john.....

    UPDATE: yesterday the c/s reached 2.1million i dunno how.......anyway

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Have you tried other audit tools such as 0phtcrack? Since Symantec shelved L0pht, I have switched over to 0phtcrack (found on the sourceforge site) and I have been pleased overall with its ability to audit 8,000 Active Directory accounts. I have it running on a quad xeon box with 2 gig of RAM. Speedy to say the least.

    Give it a look. See if you like it.

    PS
    Welcome to AO.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    Just a quick correction - the app I think TH is talking about is Ophcrack. It is indeed very fast

    Cheers,

    -jk
    TAZForum <---- click

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Yep. That would be the one. As many of you know, my spelling is that of a 4th grader.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    BANNED
    Join Date
    Nov 2003
    Location
    San Diego
    Posts
    724
    Jedi don't have to win spelling bees.
    When death sleeps it dreams of you...

  6. #6
    Shadow Programmer mmelby's Avatar
    Join Date
    Jul 2002
    Location
    Ft. Myers, FL
    Posts
    291
    You might also want to check out Cain & Abel, another free option that works fairly fast. You can find it here:

    http://www.oxid.it/cain.html

    m2
    Work... Some days it's just not worth chewing through the restraints...

  7. #7
    Senior Member DakX's Avatar
    Join Date
    Jul 2005
    Posts
    128
    Personally I thought th was talking about l0pthcrack. But I've heared that ones support has stopped. *cough*You might be able to find a key generator somewhere though*cough* I've used cain & abel and I must say that I like it. I'll give Opcrack a try sometime
    [T]he future is now.

  8. #8
    Junior Member
    Join Date
    Feb 2003
    Posts
    4
    Hello,

    Does ophcrack crack MSCACHE (MSCASH)? Or just the Sam file(NTLM)?

    I was only aware of JTR (Atleast on Linux Cain and abel works for Win) w/ the mscash patch being able to do that.

    Has anyone use Bob the Butcher? http://btb.banquise.net/

    Later
    Katmando

  9. #9
    Member
    Join Date
    Jul 2003
    Posts
    43
    Another Windows product that I use is Proactive Password Auditor by Elmcosoft. I've had some great success with that.

    Enforcer

  10. #10
    Senior Member
    Join Date
    Mar 2003
    Posts
    372
    Originally posted here by Katmando
    Hello,

    Does ophcrack crack MSCACHE (MSCASH)? Or just the Sam file(NTLM)?

    I was only aware of JTR (Atleast on Linux Cain and abel works for Win) w/ the mscash patch being able to do that.

    Has anyone use Bob the Butcher? http://btb.banquise.net/

    Later

    funny you mention this because we are going through this very exercise at my work right now. We have grabbed cached credentials and were trying to crack them with John but with no luck... anything over 6 characters just doesn't show up. I was running it on a P4 3.5 with 2GB of RAM over the weekend and got nothing on a 10 character w/special.

    I'm not sure if 0phtcrack will work on cached credentials though.


    fwiw we are also using John 1.6.37.

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •