-
March 26th, 2007, 10:05 PM
#11
Hey e><ius, the only reason I mentioned it, is that I have a Swedish keyboard that I found somewhere, and it has accented letters on it.
You can certainly get a UK penny as that is just "p"............... I have no idea about the US cent symbol.
EDIT: you might find this interesting:
http://geeksaresexy.blogspot.com/200...m-hash-of.html
Last edited by nihil; March 26th, 2007 at 10:11 PM.
-
March 26th, 2007, 10:16 PM
#12
zeruelx - i didnt see the options, but could i enter plain text to find hashes? well, not that i couldnt just look it up with my cracker.
nihil - thanks for the "p" it certainly is worth more than my "¢". btw, i also have a Swedish keyboard. bought it for 99¢ and its been roasting in my trunk for at least... 10 months. you wanna buy it for 98¢? its still BRAND new!
-
March 26th, 2007, 10:48 PM
#13
Hi e><ius,
I did a bit of rooting around and it seems that LM hash will support 142 characters. Also I did see mentioned that LC5 may have problems with non-Latin characters.
Nothing personal here mate, but when I used to play with these sort of tools I would give it a real simple password first, just to make sure that it was set up right and I was using it properly
Also, have you checked that LM hash hasn't been somehow disabled? I believe that you do it somewhere in the Registry by changing a "0" to a "1".
just a few thoughts................
-
March 26th, 2007, 10:59 PM
#14
nihil
not offended. im still getting used to it. i did not try simple characters yet. and i have not changed my registry from 0 to 1. but ill check when i get home.
have you heard of Cain & Able? i ran it on my old machine for the hell of it once, and it automaticly dug out all the users and revealed the pw's. it took it 1 second or something (didnt say or have log). and also it came across internet connection pw's for my DSL. so does this actually brute force? or is it just plain faster than LC5?
-
March 27th, 2007, 12:09 AM
#15
e><ius,
Yes I have heard of Cain, as far as I know it does dictionary, brute force and cryptoanalysis.
I have no idea which tools are the most appropriate or fastest these days as I haven't used them for a while in a comparative scenario.
The reason I suggested trying with a simple password first is that you know it should work, and work quickly. That way you can verify your set up and methodology.
Incidentally, in the example you gave, you know that a dictionary attack won't work, so you could speed things up by turning that option off.
With brute force, check what characters you are using in your characterset.
My suspicion would be that LC5 may not be handling the "@" symbol?
-
March 27th, 2007, 05:59 PM
#16
Originally Posted by nihil
Hi e><ius,
I did a bit of rooting around and it seems that LM hash will support 142 characters. Also I did see mentioned that LC5 may have problems with non-Latin characters.
Nothing personal here mate, but when I used to play with these sort of tools I would give it a real simple password first, just to make sure that it was set up right and I was using it properly
Also, have you checked that LM hash hasn't been somehow disabled? I believe that you do it somewhere in the Registry by changing a "0" to a "1".
just a few thoughts................
Regardless of what LM can actually support, from what I understand, a password over 14 characters or using special characters automatically makes Windows use an NT hash.
Real security doesn't come with an installer.
-
March 28th, 2007, 01:13 AM
#17
Originally Posted by nihil
Incidentally, in the example you gave, you know that a dictionary attack won't work, so you could speed things up by turning that option off.
Why didnt i think of that? (rhetorical question)
Originally Posted by nihil
My suspicion would be that LC5 may not be handling the "@" symbol?
... and along with the first 7 characters? maybe so? ::back to testing phase::
-
March 29th, 2007, 07:48 PM
#18
FOUND!
20C5893D4E5336007BD5CA7982B10D14
=
Q!1W@2E#3
it took my machine 3 days to find. not bad? or bad? still had 17days to do the whole search.
took astalavista.net 3 seconds... maybe i shall switch my resources
-
March 29th, 2007, 11:22 PM
#19
That does seem rather a long time for a 9 character LM hash.............. based on your machine specs. Were you running it as a dedicated job, or were you doing other stuff as well?
OK your password was relatively strong, but I would still have expected it to be cracked in hours rather than days?
-
April 5th, 2007, 07:47 AM
#20
well... i couldnt make L0pht go faster... fastest it goes = used no more than 50% of cpu power always. i did set it on lower priority so it wouldnt lag my comp when i was on it. 3.9ghz p4 and 2gb ram. it seemed to come out as MD5 . i dont know if SP2 automatically uses it.
where do i search the registry for that option 0 - 1 for LM - MD5?
Similar Threads
-
By pinoy in forum *nix Security Discussions
Replies: 2
Last Post: July 13th, 2002, 01:02 AM
-
By UnsaKreD in forum Newbie Security Questions
Replies: 8
Last Post: February 22nd, 2002, 09:07 AM
-
By VictorKaum in forum Microsoft Security Discussions
Replies: 5
Last Post: February 16th, 2002, 02:27 AM
-
By antihaxor in forum Security Archives
Replies: 10
Last Post: January 19th, 2002, 02:00 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|