Windows SAM Encryption

[auio_head]

How is it possible to tell if the LANman plaintext password security hole has been fixed and also how is it possible to tell what sort of encryption is being used MD4, MD5 when using samdump to get password hashes. Will John the ripper try to crack MD4 system passwords or will it give some sort of error message? also what service pack does MD4 come as standard with because i have been having problems trying to nail a service pack 3 SAM password i have dumped the hashes by a method i am not even going to go into (My good God it took some time) and i know the password is at least 7 letters long anyone any idea how long the cracking of this could take i did some calculations at 1,000,000 try's a second (Jack the Ripper) it could take about 34 days anyone got any real experience of how long this is gunna take?

[Pecosian]

Well just off the top of my head I noticed that this site wasn't about teaching people how to get people's passwords, etc... You own this box? Doesn't seem like it... Why do you want this password so bad?... I'd suggest you delete the post or clarify your problem before too much time passes

[NullDevice]

Use LC4 ... http://www.atstake.com/research/lc/

[[WebCarnage]]

LC4 is now commercial and you have to pay for it (yuk).

Use Cain & Abel, and support the freeware movement revolution, Hoo-rah!

Get Cain&Abel here: http://www.oxid.it

[Maestr0]

If you want to see if a machine is running LANMAN authentication,its in the registry, I think it varies from NT to 2000/XP but in 2k and XP in can be set in local security policy>security settings>local policies>security options Lanman auth level. I believe the levels are 1-5 in the registry. If youre not on the box but on the network you could also attempt a LANMAN authentication and sniff the exhange. I think the LM is some mickey mouse encryption and the NTLM is MD4 and NTLMv2 is MD5 (I'm not sure about those though)


-Maestr0

EDIT: I dont know if LC4 will do NTLMv2, I dont think so, if thats what your trying to crack it probably isnt going to happen the v2 is alot better than the previous incarnations which were pretty easy.

[auio_head]

thanks maestro its nice to get a reply to my question, i don't usualy use forums because i usualy end up on some stupid tangent to my original question. Who cares why i want to know or what i am doing? by the way md4 and md5 encryption is hard to crack and all you people who think SAM security is gunna stay nice and simple are wrong the new ntmlv2 is 128 bit and with md4 encryption instead of the lanman storing all charecters as capitals and thus making cracking easy, md4 and md5 store both upper and lower case characters making passwords more difficult, also lanman stored passwords over 7 charecters in two blocks of 32bits giving you two sections of easily crackable (or at least possible to crack) blocks of 7, md4 however doesn't split into these blocks and stores the password whole, meaning if the password lets say is 14 characters using john the ripper this could take 170,000 years to crack. cryptoanalysis anyone?

i don't like LOPHT crack because after you have dumped hashes in the readily available version it won't try and crack the admin password which, lets face it, is adament to the integrity of the network. The Box i am using is my own and i am trying to find ways of getting into it because , well, i've got nothing better to do befoer i go back to uni

cheers for the info

audio_head