John the Ripper: Passwords displayed in UPPER case

mcoleson asked
Last Modified: 2008-02-01
I am using John the Ripper to crack passwords from my Windows Domain. (I'm the admin).
It always displays the passwords in upper case. Is there a setting that will display them in their true (mixed) case?

thanks
Mike

Commented:
This comes from a flaw in the way some Windows systems are set up to store passwords. I believe this is the Unix/Linux compatible type where case doesn't matter. John the Ripper cracks these because it's easier to guess than the mixed case passwords. I would suggest running pwdump on your domain to obtain the true MD5 hashes of the passwords.

Author

Commented:
kamichie,
I did run pwdump to create the file and then fed it into John the Ripper.
Since people rarely use upper case in their passwords, I knew that John must be displaying them in upper.
Commented:
You probably have your server set up to contain lanman passwords; these are very weak as they convert the password to uppercase. In the pwdump file you should have two hashes, one for lanman (LM) and one for NT. John the Ripper should be able to crack the LM password then figure out the case of the NT password; you may have to play around with your options to get this to work. I have posted an article from Microsoft about the different kinds of hashes in the SAM database.

http://support.microsoft.com/default.aspx?scid=kb;en-us;299656
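
An added example, not part of the original thread or written by any of its posters: a small audit script that reads pwdump-style lines (`user:rid:LMhash:NThash:::`) and reports which accounts still store a LAN Manager hash, the condition described in the comment above. The sample accounts and hash values are constructed, and the status labels and function name are assumptions of this example.

```python
"""Flag accounts in pwdump-style output that still store an LM hash."""
import string

# LM hash of an empty password; dumps typically show it when no LM hash is stored.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
# LM hashes each 7-character half separately, so an empty second half
# means the password is 7 characters or shorter.
EMPTY_LM_HALF = EMPTY_LM[:16]

# Constructed sample input: made-up users and hash values, not real accounts.
# The "NO PASSWORD" placeholder is assumed to be what the dump tool prints
# when an account has no LM hash.
SAMPLE = """\
alice:1001:0123456789abcdef0123456789abcdef:00112233445566778899aabbccddeeff:::
bob:1002:fedcba9876543210aad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
dave:1004:NO PASSWORD*********************:89abcdef0123456789abcdef01234567:::
broken line without enough fields
"""

def audit_lm(text):
    """Return (account, status) pairs for every non-empty input line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        parts = line.split(":")
        if len(parts) < 4:
            # Not a user:rid:lm:nt record; report it instead of guessing.
            findings.append((f"line {lineno}", "unparsed"))
            continue
        user, lm = parts[0], parts[2].lower()
        is_hex = len(lm) == 32 and all(c in string.hexdigits for c in lm)
        if not is_hex or lm == EMPTY_LM:
            status = "no-lm"            # only the case-sensitive NT hash exists
        elif lm[16:] == EMPTY_LM_HALF:
            status = "lm-stored-short"  # uppercase-folded, 7 characters or fewer
        else:
            status = "lm-stored"        # uppercase-folded LM hash present
        findings.append((user, status))
    return findings

if __name__ == "__main__":
    for account, status in audit_lm(SAMPLE):
        print(f"{account:10} {status}")
```

Accounts reported as `lm-stored` or `lm-stored-short` are the ones whose passwords a cracker will show in upper case, because that hash was computed from the uppercased password.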

Author

Commented:
Makes sense. Thanks