#11 pwdump and cain LM and NTLM results

closed
James Nobis
None
5
2011-05-28
2009-10-08
Mr Wolf
No

I'm using rcracki_mt with lm_all-space Rainbow tables:
if I submit a hash with the option -h, it only finds the LM password, while, if I submit a Fgdump file, it finds and it displays the NTLM password, but, if I use the -o option to write the password to a file, it only writes the LM password

Discussion

  • James Nobis
    James Nobis
    2009-10-08

    cain test

     
    Attachments
  • James Nobis
    James Nobis
    2009-10-08

    pwdump test

     
    Attachments
  • James Nobis
    James Nobis
    2009-10-08

    • assigned_to: nobody --> neinbrucke
     
  • James Nobis
    James Nobis
    2009-10-08

    Confirmed on 32bit linux with the cain (-c) and pwdump (-f) options.

    pwdump

    rcracki_mt/rcracki_mt -f pwdump_lm_ntlm.test -2 /mnt/rainbow_tables/freerainbowtables/lm/lm_all-space#1-7_? -o results.txt

    screen output:
    <snip>
    plaintext of b75e0c8d76954a50 is 23
    <snip>
    plaintext of f5f4a866f8138daf is A123*A1
    <snip>
    result
    -------------------------------------------------------
    SyXV a123*a123 hex:613132332a61313233

    results.txt
    b75e0c8d76954a50:23:3233
    f5f4a866f8138daf:A123*A1:413132332a4131

    -------------------------------------------------------------------------------------------------------------------
    Cain
    rcracki_mt/rcracki_mt -c cain_lm_ntlm.test -2 /mnt/rainbow_tables/freerainbowtables/lm/lm_all-space#1-7_? -o results.txt

    screen output:
    <snip>
    plaintext of b75e0c8d76954a50 is 23
    <snip>
    plaintext of f5f4a866f8138daf is A123*A1
    <snip>
    result
    -------------------------------------------------------
    SyXV a123*a123 hex:613132332a61313233

    results.txt:
    b75e0c8d76954a50:23:3233
    f5f4a866f8138daf:A123*A1:413132332a4131

     
  • James Nobis
    James Nobis
    2009-10-08

    • summary: LM hash problem --> pwdump and cain LM and NTLM results
     
  • James Nobis
    James Nobis
    2009-10-08

    Reporter of the bug is running windows.

     
  • Mr Wolf
    Mr Wolf
    2009-10-08

    I'm using Windows XP Professional 32 bit

     
  • tnx for pointing out this bug, fixed in next release!

     
  • Mr Wolf
    Mr Wolf
    2009-10-09

    No, thanks to you!
    Can you post it here, so I can receive an e-mail when an answer is posterd here?

     
  • James Nobis
    James Nobis
    2011-05-27

    neinbrucke fixed the condition where case correction fails and it has to use unicode correction. In that case it does write the output to the file after his fix and that has been in several releases already. However, for the simple case correction condition this had not been resolved. It is now resolved for -f and -c. The correct version will be available for download as rcracki_mt_0.6.6_beta4 within the next 24hours. I'll post here with the link when that happens.

     
  • James Nobis
    James Nobis
    2011-05-27

    • assigned_to: neinbrucke --> quelrod
     
  • James Nobis
    James Nobis
    2011-05-28

    fixed version pushed to the download page (http://www.freerainbowtables.com/download/) and is rcracki_mt_0.6.6_beta4.

     
  • James Nobis
    James Nobis
    2011-05-28

    • status: open --> closed