Need help with Brute Force cracking.

[nihil]

Hey e><ius, the only reason I mentioned it, is that I have a Swedish keyboard that I found somewhere, and it has accented letters on it.

You can certainly get a UK penny as that is just "p"............... I have no idea about the US cent symbol.



EDIT: you might find this interesting:

http://geeksaresexy.blogspot.com/200...m-hash-of.html

[e><ius]

zeruelx - i didnt see the options, but could i enter plain text to find hashes? well, not that i couldnt just look it up with my cracker.

nihil - thanks for the "p" it certainly is worth more than my "¢". btw, i also have a Swedish keyboard. bought it for 99¢ and its been roasting in my trunk for at least... 10 months. you wanna buy it for 98¢? its still BRAND new!

[nihil]

Hi e><ius,

I did a bit of rooting around and it seems that LM hash will support 142 characters. Also I did see mentioned that LC5 may have problems with non-Latin characters.

Nothing personal here mate, but when I used to play with these sort of tools I would give it a real simple password first, just to make sure that it was set up right and I was using it properly

Also, have you checked that LM hash hasn't been somehow disabled? I believe that you do it somewhere in the Registry by changing a "0" to a "1".

just a few thoughts................

[e><ius]

nihil

not offended. im still getting used to it. i did not try simple characters yet. and i have not changed my registry from 0 to 1. but ill check when i get home.

have you heard of Cain & Able? i ran it on my old machine for the hell of it once, and it automaticly dug out all the users and revealed the pw's. it took it 1 second or something (didnt say or have log). and also it came across internet connection pw's for my DSL. so does this actually brute force? or is it just plain faster than LC5?

[nihil]

e><ius,

Yes I have heard of Cain, as far as I know it does dictionary, brute force and cryptoanalysis.

I have no idea which tools are the most appropriate or fastest these days as I haven't used them for a while in a comparative scenario.

The reason I suggested trying with a simple password first is that you know it should work, and work quickly. That way you can verify your set up and methodology.

Incidentally, in the example you gave, you know that a dictionary attack won't work, so you could speed things up by turning that option off.

With brute force, check what characters you are using in your characterset.

My suspicion would be that LC5 may not be handling the "@" symbol?

[D0pp139an93r]

Hi e><ius,

I did a bit of rooting around and it seems that LM hash will support 142 characters. Also I did see mentioned that LC5 may have problems with non-Latin characters.

Nothing personal here mate, but when I used to play with these sort of tools I would give it a real simple password first, just to make sure that it was set up right and I was using it properly

Also, have you checked that LM hash hasn't been somehow disabled? I believe that you do it somewhere in the Registry by changing a "0" to a "1".

just a few thoughts................

Regardless of what LM can actually support, from what I understand, a password over 14 characters or using special characters automatically makes Windows use an NT hash.

[e><ius]

Incidentally, in the example you gave, you know that a dictionary attack won't work, so you could speed things up by turning that option off.

Why didnt i think of that? (rhetorical question)

My suspicion would be that LC5 may not be handling the "@" symbol?

... and along with the first 7 characters? maybe so? ::back to testing phase::

[e><ius]

FOUND!

20C5893D4E5336007BD5CA7982B10D14

=

Q!1W@2E#3

it took my machine 3 days to find. not bad? or bad? still had 17days to do the whole search.

took astalavista.net 3 seconds... maybe i shall switch my resources

[nihil]

That does seem rather a long time for a 9 character LM hash.............. based on your machine specs. Were you running it as a dedicated job, or were you doing other stuff as well?

OK your password was relatively strong, but I would still have expected it to be cracked in hours rather than days?

[e><ius]

well... i couldnt make L0pht go faster... fastest it goes = used no more than 50% of cpu power always. i did set it on lower priority so it wouldnt lag my comp when i was on it. 3.9ghz p4 and 2gb ram. it seemed to come out as MD5 . i dont know if SP2 automatically uses it.

where do i search the registry for that option 0 - 1 for LM - MD5?