We have covered quite a lot of password cracking tools and it’s not often a new one comes out. This one serves quite a specialised purpose (it is not a general all-purpose password cracker like John the Ripper or Cain & Abel), although you do need to use it alongside JTR.
This tool instantly cracks the Microsoft Windows NT hash (MD4) when the LM password is already known; you might be familiar with LM cracking tools such as LCP.
The main problem is you’ve got the LM password, but it’s in UPPERCASE because LM hashes are not case sensitive, so you need to find the actual password for the account.
Example: password cracker output for the “Administrator” account
- LM password is ADMINISTRAT0R.
- NT password is ?????????????.
We aren’t lucky because the case-sensitive password isn’t “administrat0r” or “Administrat0r”. So you cannot use this to connect to the audited Windows system.
This password contains 13 characters but launching my password cracker on the NT hash is a waste of time and there is a poor chance of success.
- Password length: 13 characters.
- Details: 1 number + 12 case-sensitive letters.
- Possibilities: 2^12 = 4096 choices.
In this example, lm2ntcrack will generate the 4096 possibilities for the password ADMINISTRAT0R and, for each one, the associated NT MD4 hash. It then searches for a match with the dumped hash.
Execution time: < 2 seconds to crack more than 1200 NT hashes. You can download lm2ntcrack here: lm2ntcrack-current.tgz
Or read more here.