-
July 8th, 2006, 04:51 AM
#1
john the ripper
after three days of testing i have concluded that it is impossible to 'audit' a 6 or above lenght password using john 1.6.37(with mscash)
my machine runs at 1million c/s.....even at that rate it will take me like 9 days (with john's 'all incremement mode')
(((96^6)/1million)/(60x60x24)) = 9 days
i tried the session feature and it is slow.......if i run anything else it slows down to 10k/s which is impossible and resuming a session will resume at 10k/s instead of 1mill when nothing is running.
here is what i need...so plz help me out
john 1.7.0 with the mscash plugin (i downloaded the win compiled 1.6.8 version frokm this forum)
a lesson about salts in jtr......
how to increase the c/s in john.....
UPDATE: yesterday the c/s reached 2.1million i dunno how.......anyway
-
July 8th, 2006, 12:05 PM
#2
Have you tried other audit tools such as 0phtcrack? Since Symantec shelved L0pht, I have switched over to 0phtcrack (found on the sourceforge site) and I have been pleased overall with its ability to audit 8,000 Active Directory accounts. I have it running on a quad xeon box with 2 gig of RAM. Speedy to say the least.
Give it a look. See if you like it.
PS
Welcome to AO.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
July 8th, 2006, 06:05 PM
#3
Just a quick correction - the app I think TH is talking about is Ophcrack. It is indeed very fast
Cheers,
-jk
-
July 9th, 2006, 02:37 AM
#4
Yep. That would be the one. As many of you know, my spelling is that of a 4th grader.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
July 9th, 2006, 11:50 PM
#5
Jedi don't have to win spelling bees.
When death sleeps it dreams of you...
-
July 10th, 2006, 03:50 PM
#6
You might also want to check out Cain & Abel, another free option that works fairly fast. You can find it here:
http://www.oxid.it/cain.html
m2
Work... Some days it's just not worth chewing through the restraints...
-
July 10th, 2006, 04:47 PM
#7
Personally I thought th was talking about l0pthcrack. But I've heared that ones support has stopped. *cough*You might be able to find a key generator somewhere though*cough* I've used cain & abel and I must say that I like it. I'll give Opcrack a try sometime
-
July 10th, 2006, 05:03 PM
#8
Junior Member
Hello,
Does ophcrack crack MSCACHE (MSCASH)? Or just the Sam file(NTLM)?
I was only aware of JTR (Atleast on Linux Cain and abel works for Win) w/ the mscash patch being able to do that.
Has anyone use Bob the Butcher? http://btb.banquise.net/
Later
-
July 10th, 2006, 10:30 PM
#9
Member
Another Windows product that I use is Proactive Password Auditor by Elmcosoft. I've had some great success with that.
Enforcer
-
July 10th, 2006, 10:38 PM
#10
Originally posted here by Katmando
Hello,
Does ophcrack crack MSCACHE (MSCASH)? Or just the Sam file(NTLM)?
I was only aware of JTR (Atleast on Linux Cain and abel works for Win) w/ the mscash patch being able to do that.
Has anyone use Bob the Butcher? http://btb.banquise.net/
Later
funny you mention this because we are going through this very exercise at my work right now. We have grabbed cached credentials and were trying to crack them with John but with no luck... anything over 6 characters just doesn't show up. I was running it on a P4 3.5 with 2GB of RAM over the weekend and got nothing on a 10 character w/special.
I'm not sure if 0phtcrack will work on cached credentials though.
fwiw we are also using John 1.6.37.
Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|