Opening password file with John The Ripper



  • I have an old Windows domain SMB sniffer file circa 1998 and just out of interest I want to see if I can crack it now with John The Ripper. I believe the file was generated using the L0phtCrack SMB Packet Capture feature. The format of the file is a list of entries such as:

    CADE\idk:3:4c34936620f47214:f08a4ae250ce716af0858f169ff224a10a9a3e012ad9341f:112fcb8224016bc51c65d2cf9c9d4d5084bb8f8416a94adb

    The format appears to be: DOMAIN\username:3:SMB challenge:encrypted LANMAN hash:encrypted NTLM hash

    Not sure what that first 3 is but it is the same for all entries. This probably uses some defunct Windows NT authentication method with the 8 byte challenge and 24 byte responses.

    I cannot open the file as is naively with John. So I would like to know if I can either specify some options or reformat the file so that I can open it in John The Ripper.



  • https://openwall.info/wiki/john/hash-formats

    Clean up your data to just have: username:LM:NTLM

    that works on my end with john, probably will work with hashcat as well.



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2