
John the Ripper: Passwords displayed in UPPER case

I am using John the Ripper to crack passwords from my Windows Domain. (I'm the admin).
It always displays the passwords in upper case. Is there a setting that will display them in their true (mixed) case?

thanks
Mike
Asked by: mcoleson
 
kamichie Commented:
This comes from a flaw in the way some Windows systems are set up to store passwords. I believe this is the Unix/Linux compatible type where case doesn't matter. John the Ripper cracks these because it's easier to guess than the mixed case passwords. I would suggest running pwdump on your domain to obtain the true MD5 hashes of the passwords.
 
mcoleson (Author) Commented:
kamichie,
I did run pwdump to create the file and then fed it into John the Ripper.
Since people rarely use upper case in their passwords, I knew that John must be displaying them in upper.
 
kamichie Commented:
You probably have your server set up to contain LanMan passwords; these are very weak as they convert the password to uppercase. In the pwdump file you should have two hashes, one for LanMan (LM) and one for NT. John the Ripper should be able to crack the LM password then figure out the case of the NT password; you may have to play around with your options to get this to work. I have posted an article from Microsoft about the different kinds of hashes in the SAM database.

http://support.microsoft.com/default.aspx?scid=kb;en-us;299656
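An added example (not from the thread and not part of John the Ripper or pwdump): a Python audit of a pwdump-format export that lists the accounts still storing an LM hash, which is the condition the linked Microsoft article addresses. It assumes the common `user:RID:LM:NT:::` line layout and the well-known LM value for an empty password; the sample lines and their hex values are constructed, and `audit_pwdump` is a hypothetical helper name.

```python
# Added example: audit a pwdump-format export for accounts that still store an LM hash.
# Assumed line layout: user:RID:LM_hash:NT_hash:::
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_LM_HALF = EMPTY_LM[:16]                  # LM hashes each 7-character half separately

# Constructed sample input; the non-empty hex values are made up, not real hashes.
SAMPLE = """\
alice:1001:0123456789abcdef0123456789abcdef:00112233445566778899aabbccddeeff:::
bob:1002:fedcba9876543210aad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
dave:1004:NO PASSWORD*********************:0a0b0c0d0e0f00010203040506070809:::
not a pwdump line
"""

def audit_pwdump(text):
    """Return (findings, skipped): accounts with a stored LM hash, and unparsable line numbers."""
    findings, skipped = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) < 4:
            skipped.append(lineno)
            continue
        user, lm = fields[0], fields[2].strip().lower()
        # No LM hash stored: either the empty-password value or a pwdump placeholder.
        if lm == EMPTY_LM or lm.startswith("no password"):
            continue
        if len(lm) != 32 or any(c not in "0123456789abcdef" for c in lm):
            skipped.append(lineno)
            continue
        # A second half equal to the empty-half constant means at most 7 characters.
        short = lm[16:] == EMPTY_LM_HALF
        findings.append({"user": user, "seven_or_fewer_chars": short})
    return findings, skipped

if __name__ == "__main__":
    found, bad = audit_pwdump(SAMPLE)
    for f in found:
        note = " (password is 7 characters or fewer)" if f["seven_or_fewer_chars"] else ""
        print(f"{f['user']}: LM hash stored{note}")
    print("unparsed lines:", bad)
```

Accounts it reports are the ones whose password should be reset after LM hash storage is disabled, since the stored LM value persists until the next password change.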
 
mcoleson (Author) Commented:
Makes sense. Thanks