Comments on: lm2ntcrack – Microsoft Windows NT Hash Cracker (MD4 -LM)

By: John

John — Wed, 24 Dec 2008 20:52:19 +0000

And I must bash a little bit. The author must not have taken basic CS courses? Creating an array full of all the permutation before you do any hash computation/comparison is a huge waste of time and memory (and causes really messy codes). Use DFS on a binary tree, where each branching depends on case (and obviously the char that doesn’t need different case, you don’t branch). A few simple recursions, fewer lines of code, much faster, and much more elegant.

By: John

John — Sat, 20 Dec 2008 10:43:15 +0000

above, i meant to say returns a wrong password given an LM password and NT (it’s late here…getting tired)

anyway, people who think that cracking password is so 2 years ago, sometimes you want to gain access to things other than windows logon. This means that you need actual password to see if the passwords are reused.

People who think that rainbow tables are so much better. Password cracking tools like JtR will crack certain passwords in a matter of seconds (dictionary based word with simple letter in the back…something like “Rainbow1″)…whereas rainbow table based cracking will still take you about 10-15 minutes (depending on your table). So you need to run both to crack the passwords that are easy to crack with JtR, with JtR, then crack the uncracked ones with rainbow tables.

By: John

John — Sat, 20 Dec 2008 10:38:49 +0000

This tool doesn’t seem to work? It gives a wrong password. Haven’t looked at the code closely as to why…but the tool returns errnous NT hash given an LM hash.

By: Fischer

Fischer — Wed, 22 Oct 2008 02:08:42 +0000

Huge tables, I will grant you that. I’ve got a 64GB set from the Shmoo group, for all printable characters. But RainbowCrack for windows is cake to run. Probably could use some performance tweaking, but the longest I’ve ever had it run on an LM hash is about 15 minutes, and it returns the NT hash as well.

You should look at the Pass the Hash toolkit. One tool in there, whosthere, will dump LM hashes for any user logged in to a system, including domain logins, provided LM hashes haven’t been disabled by policy. These domain LM hashes can be cracked just like any other LM hash.

By: therealdonquixote

therealdonquixote — Tue, 21 Oct 2008 22:27:45 +0000

I like this tool. Especially its intriguing focus on NT hashes. Getting an LM pass cr@cked is usually pretty easy (just run SAM inside or some other run of the mill pass cracker) the NT pass is always a pain in the McCain. As for its speed, less than 2 seconds is pretty darn good for a brute force attack. I bet the specialization in just NT hashes has something to do with the speed up. Anyone know if this would have any success at cracking an NT hash for a Window$ machine that uses a domain specific login and pass? I guess I should look that up.

RainbowCrack is the pretty much the best cr@cker out there when it comes to hashes, but it can take alot of work to get it humming depending on which distro you are using. Also, HUGE rainbow tables are a must with RC.

This new tool could lighten the load in my naughty little toolbox.

By: Vinícius K-Max

Vinícius K-Max — Tue, 21 Oct 2008 19:38:33 +0000

LC4/LC5 does this as well.

By: Lavr

Lavr — Tue, 21 Oct 2008 14:37:30 +0000

Cain does this as well.

By: Fischer

Fischer — Tue, 21 Oct 2008 12:07:55 +0000

RainbowCrack does this as well, though I’m not sure how to make it crack just the NT hash. But when I task it to find an LM hash password, if I provide them both in the pwdump format, it will give the NT hash for every LM hash it cracks.