John the Ripper: Passwords displayed in UPPER case

Posted on 2006-03-31
Last Modified: 2008-02-01
I am using John the Ripper to crack passwords from my Windows Domain. (I'm the admin).
It always displays the passwords in upper case. Is there a setting that will display them in their true (mixed) case?

Question by: mcoleson

    Expert Comment

    This comes from a flaw in the way some Windows systems are set up to store passwords. I believe this is the Unix/Linux compatible type where case doesn't matter. John the Ripper cracks these because it's easier to guess than the mixed case passwords. I would suggest running pwdump on your domain to obtain the true MD5 hashes of the passwords.

    Author Comment

    I did run pwdump to create the file and then fed it into John the Ripper.
    Since people rarely use upper case in their passwords, I knew that John must be displaying them in upper.

    Accepted Solution

    You probably have your server set up to contain LanMan passwords; these are very weak as they convert the password to uppercase. In the pwdump file you should have two hashes, one for LanMan (LM) and one for NT. John the Ripper should be able to crack the LM password then figure out the case of the NT password; you may have to play around with your options to get this to work. I have posted an article from Microsoft about the different kinds of hashes in the SAM database.;en-us;299656

    Author Comment

    Makes sense. Thanks
