Dear X u r r o n,
You needn't actually crack the password if you know your hash, because
cleartext password is never used in Windows environment. You could apply
this patch to md4.c from Samba distribution:
--- md4.c.orig 2004-04-04 11:37:00.000000000 +0400
+++ md4.c 2004-10-27 23:01:31.000000000 +0400
@@ -130,6 +130,21 @@
C = 0x98badcfe;
D = 0x10325476;
+
+ if(n == 64){
+ int j;
+ unsigned char * hexd = (unsigned char *)"0123456789ABCDEF";
+ for(j = 0; j<16; j++){
+ if(!strchr(hexd, in[(j<<2)]))break;
+ if(in[(j<<2)+1])break;
+ if(!strchr(hexd, in[(j<<2)+2]))break;
+ if(in[(j<<2)+3])break;
+ out[j] = ((strchr(hexd, in[(j<<2)]) - (char *)hexd)<<4);
+ out[j] ^= (strchr(hexd, in[(j<<2)+2]) - (char *)hexd);
+ }
+ if(j == 16) return;
+ }
+
while (n > 64) {
copy64(M, in);
mdfour64(M);
And change your password with Samba utilities by entering NT password
hash (in HEX) instead of password then prompted.
--Saturday, July 30, 2005, 12:15:47 PM, you wrote to
full-disclosure@lists.grok.org.uk:
Xurron> hiya!
Xurron> I have tried many softwares for cracking NTLM hashes, like NC4,
Cain and have't tried Rainbow Crack yet.
Xurron> Once i had to recover my XPs lost admin password and i spend
around 1 day but Cain/NC4 were not able to guess that. Then i posted
that hashes on some site and it did recover my passwd in around 5min. I
want to know which technique they used to crack so fast ?
Xurron> Xurron
--
~/ZARAZA
http://www.security.nnov.ru/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
