nuorder
LOL enemc, how else will your computer crack a pass if the CPU isn't working?
maybe you could underclock it a bit or find a better cooling solution
binary_hashes
What is the story of ports 445 and 5000 in WinXP? Is there any bug in them to exploit and gain root access??
enemc
hi nuorder, thx for your reply m8

yes I am sure the CPU has to work, but I think 100% usage all the time must be a bug.. sad.gif
[eXPhase
QUOTE (enemc @ Apr 22 2004, 11:11 AM)
hi nuorder, thx for your reply m8

yes I am sure the CPU has to work, but I think 100% usage all the time must be a bug.. sad.gif

Of course not. When I crack or generate a rainbow table my CPU usage is 100%. And I've already been generating rainbow tables the whole month, 24/7. It consumes a lot of power from your CPU to calculate all the tables or to find the hashes.
enemc
ah ok, a friend of mine claimed that 100% usage is not usual.. thx for the replies =) ohmy.gif
bonarez
hey all,

just finished an 8-char table (after a few weeks of calculating) (yes, at 100% CPU usage) and came to some weird results. I was testing a generated 8-char LanMan hash and got weird errors about tables not containing 8-char pw's. I almost panicked, thought I did something wrong or so, but when I tried to crack it as a file (instead of the -h) it started to search... then I came to a pretty interesting conclusion.

I knew the LM pw's higher than 8 chars got split up in some way, but never really gave it much thought until now, because when I cracked it as a file, rcrack split up the hashes into 2 16-digit parts and started to crack each part separately... that means that my 8-char tables are worthless... but it also means that if you have 1-7 char tables, you can split the hash in two parts, crack them separately, and join the resulting strings to the correct pw..... so with some 1-7 char tables you can crack up to 14-digit pw's at least..

I wonder what happens when you use more than 14-digit pw's.... what's the max LM pw length anyway... does it switch to NT hashing in that case...

so many questions, so little time..
binary_hashes
I have a program called NN_BRUTE (Windows Network Neighborhood Password Cracker v3.0)
--------------------------------------------------------------

This is FREEWARE - spread it around as much as you like smile.gif


Q: What does this program do?

A: It tries to find the password on a shared resource in Windows Network Neighborhood.


Q: What's "name of resource"?

A: "name of resource" is the address of the shared resource you are trying to gain access on. If the computer name is 'Ball' and the shared hard drive is called 'Kjekk', just enter '\\Ball\Kjekk' here (without the quotes).


Q: What's "mapped drive"?

A: If you want to, the program can map the shared resource to a drive. This will e.g. make '\\Ball\Kjekk' into, let's say, 'X:'. If you don't want it to map a drive, just leave the edit-box empty.


Q: What should my user name be?

A: It doesn't really matter what you enter as your user name. The default should work quite alright, if not - just enter the user name you used when logging onto the Microsoft Network.


Q: What do I need the list of characters for?

A: If you are going to use the 'Brute Force' method, this will go through the list, trying all possible matches with those characters. The default list has a lot of characters that normally people don't use in their passwords; so you should perhaps check this list and edit it to your preference.


Q: What's "word list"?

A: If you are using the 'Word List' method, you need a file containing a list of words, one word on each line. Such files can be found at http://www.antionline.com/archives/text/word-lists/ and programs to generate such files can be found at http://www.anticode.com/. When you have a word-list all set and ready to go, just enter the filename in the "word list" edit-box in the program.


Q: What does "starting point" do?

A: The 'Brute Force' method is very time consuming, and since you are using this program on a Windows box, you might need to reboot for some reason. (I usually reboot 10+ times a day on my Win box) If you would have to start over every time you had to reboot or for some other reason close down this program, you would never get the password. That is why I made a saving feature. (thanks to Emeri1 for giving me the idea) When you hit the 'Abort' button, you are asked if you would like to save your effort so far. The data will be saved into a .ini-file, and the next time you start to crack it will ask you if you want to load the data. Another nice thing to do with this "starting point" feature is that you can crack using several machines, all cracking on the same resource, but with different starting points... This will probably let you find the password a lot faster.


Q: What difference does it make if I show the progress or not?

A: While it is nice to see the progress and have some idea of how much you have cracked, it is CPU consuming. If you choose not to see the progress, this will give more power to the actual cracking.


Q: How does this program work?

A: That depends on the method you use. If you choose to try the 'Word List' method, it will start on the first line of the file, try the password and check if it matches. If it does, a message box will appear on your screen telling you so; if not, it will continue to the next line in the file, try the password and check if it matches. This loop will repeat until the password is found or the last line in the file is reached. If that is the case, you should probably get a better word list or use the 'Brute Force' method, which I will now explain. The 'Brute Force' method will take an array of characters and try all possible matches. This means that if you have listed all characters that exist, theoretically, you will find the password (sooner or later, anyway smile.gif). This method is of course very time consuming, considering it will try ALL possible matches with the characters you have entered. Let's say the password is 4 characters long, and you have entered 'abcdefghijklmnopqrstuvwxyz' as your character list (which is a relatively small list); you could end up with close to 500000 tries, at the worst.


Q: Who's the lamer who made this shitty program? May he burn in hell!

A: Thank you. I, m0nngis of DfG (http://come.to/dfg) made it, and I can be reached by e-mail at mongo@ilovejesus.com... Please don't hesitate to contact me if you have something smart to tell me, such as bug reports etc.



About network-sharing in Windows:
---------------------------------

* The password cannot be more than 8 characters long. So if you are planning on using the 'Word List' method, you should generate a list consisting of words that contains 8 characters and less.

* The password is NOT case-sensitive. This means that 'RoMpE' is the same as 'rompe', and if you should crack this password using the 'Brute Force' method; having a character-list looking like this: 'abcdefghijklmnopqrstuvwxyz' would work just as well as 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ' AND it would save you a lot of time.



Benchmark:
----------

I ran a little benchmark on my machine; a Pentium III 450MHz with 256MB RAM running on Windows 98. The password I used was 'zzzz', a word consisting of 4 characters, all characters the last in the list (which was 'abcdefghijklmnopqrstuvwxyz'). It took 1 hour, 6 minutes and 39 seconds before I had the password, and by that time 475254 different words had been checked. To my knowledge; this means that it tried about 119 passwords per second.



About the 'Brute Force' method:
-------------------------------

If you are going to use the "starting point" feature WITHOUT loading it from the .ini-file, you should probably know some basic stuff about the method. Let's say you enter 'xya' as your starting point, and you are using 'abcdefghijklmnopqrstuvwxyz' as your character list.

xya
yya
zya
aza
bza
cza
dza
eza
fza
gza
hza
iza
jza
kza
lza
mza
nza
oza
pza
qza
rza
sza
tza
uza
vza
wza
xza
yza
zza
aab
bab
cab

As you see, the first character in the word you entered as your starting point is the one which changes most often, then the second character, and so on...
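An added example in Python (mine, not part of the thread and not NN_BRUTE's code) that reproduces the candidate ordering the readme above describes and uses it to size the search. It shows why the readme's two facts about Windows share passwords (8 characters at most, not case-sensitive) matter for risk: the total number of words of length 1 to 4 over the 26-letter list comes out at exactly the 475254 checks the benchmark reports for 'zzzz'. The function names and the rate argument are my own choices.

```python
"""Added example: the readme's brute-force ordering, first character changing
fastest, then the second, and so on, plus keyspace sizing. Not NN_BRUTE code."""

LOWER = "abcdefghijklmnopqrstuvwxyz"  # the readme's example character list


def candidates(charset, start=None):
    """Yield words in the readme's order. The FIRST character changes fastest,
    then the second, and so on; once every position has wrapped, the word
    grows by one character (...zza -> aab, ...zzz -> aaaa). `start` is the
    readme's "starting point"; None begins at the one-character word charset[0]."""
    n = len(charset)
    # digits[0] is the first character, i.e. the least significant position
    digits = [charset.index(c) for c in (start or charset[0])]
    while True:
        yield "".join(charset[d] for d in digits)
        i = 0
        while i < len(digits):
            digits[i] += 1
            if digits[i] < n:
                break
            digits[i] = 0
            i += 1
        else:
            digits.append(0)  # every position wrapped: one more character


def keyspace(charset_size, max_len):
    """Number of words of length 1..max_len over a charset of that size."""
    return sum(charset_size ** k for k in range(1, max_len + 1))


def attempts_until(charset, target, start=None):
    """1-based position of `target` in the enumeration, i.e. how many tries a
    search from `start` needs before it reaches `target`."""
    for count, word in enumerate(candidates(charset, start), start=1):
        if word == target:
            return count
        if len(word) > len(target):
            raise ValueError(f"{target!r} is not reachable from {start!r}")


def time_to_exhaust(charset_size, max_len, rate_per_second):
    """Seconds needed to try every word up to max_len at a measured rate, e.g.
    the readme's benchmark figure of about 119 tries per second."""
    return keyspace(charset_size, max_len) / rate_per_second


if __name__ == "__main__":
    gen = candidates(LOWER, "xya")
    print([next(gen) for _ in range(32)])        # the readme's list, xya ... cab
    print(attempts_until(LOWER, "zzzz"))          # 475254, the benchmark's count
    print(time_to_exhaust(len(LOWER), 4, 119))    # a little over an hour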
PiP
QUOTE (bonarez @ Apr 23 2004, 11:41 AM)
I wonder what happens when you use more than 14-digit pw's.... what's the max LM pw length anyway... does it switch to NT hashing in that case...

so many questions, so little time..

if I remember correctly (I've been awake for 3 days doing assignments lol), after 14 characters Windows uses a different method of storing the passwords; max NT-LM password is 14 chars
bonarez
QUOTE
if I remember correctly (I've been awake for 3 days doing assignments lol), after 14 characters Windows uses a different method of storing the passwords; max NT-LM password is 14 chars


then it switches to NT hashes after 14 chars..

ps: sleep well
gijukud6
Hi,

got the password. But Ports 139 and 445 are closed.
Now what to do to get in the other systems in the network neighborhood unsure.gif

btw: tool works fine, thx for Tut smile.gif
greetz
ShouiZen
hi,
good tutorial man, I prefer LC4 too, I have always got good results
t0bban
JTR and LC4 are the tools of my choice as well.

Cain is very good for ARP poison etc =)
I love cain.
Blackknight
QUOTE (Starlight @ Mar 30 2004, 06:53 PM)
we can launch a contest if you prefer, to the first which is able to
decrypt it smile.gif

These hashes were from an earlier post so I thought I would give it a try. Using rainbow tables it took me 4 min 51 seconds to crack all of these. I have yet to find an LM hash I can't break.

Administrator T@MP@2410
IUSR_LIBPROXY I3WIHXJ6KTQ1G%
IWAM_LIBPROXY 2SYV_USDOZ1Q8P
kbrady 2410TAMP@
ltc TAMP@
Patrick TAMP@
sean T@MP@2410
students BUCS01
sunline SUNLINE

Here is the pwdump file it was decrypted from:
Administrator:500:97a96968149f7bec6d3a627c824f029f:2d39101570c0c96c5b88de6682feaf1e:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
IUSR_LIBPROXY:1000:d6b40f5967b35c2e69fa2f58b6e03ff9:e1d2f646a313c6944a88c6fa37c5a53b:::
IWAM_LIBPROXY:1002:7e7c0a16217dcafc57a24b3005d0da52:b888222ed4b297ede77c7c56cc994b83:::
kbrady:1004:c19ee4163f76f3ad4bceae59e5d1c0cb:21dd8f8d8aa444ff7d824ba48d9fb2d4:::
ltc:1007:884923c46c5d326caad3b435b51404ee:af284184490b6317e9a88b2bc047d935:::
Patrick:1008:884923c46c5d326caad3b435b51404ee:af284184490b6317e9a88b2bc047d935:::
sean:1006:97a96968149f7bec6d3a627c824f029f:2d39101570c0c96c5b88de6682feaf1e:::
students:1003:b7c7f044cdeb84b7aad3b435b51404ee:859f626c96975d802da4730c3dfdea3e:::
sunline:1009:387bcc7bfdddee33aad3b435b51404ee:0c7763e748e656e2742b726c93db3d25:::

What really gets interesting is dumping hashes from a domain controller wink.gif
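An added example in Python (mine, not code from anyone in this thread) that turns two facts the thread relies on into a defender's audit of a pwdump listing. As bonarez worked out above, an LM hash is built from two independent 7-character halves of the upper-cased password, so a second half equal to the well-known empty-half value aad3b435b51404ee (visible in several lines of the paste above) proves the password is at most 7 characters; and identical hashes on different accounts (Administrator and sean above) prove password reuse. The parser also rejoins records that a forum or pager wrapped mid-hash, as happened in the paste above. The pwdump line format and the two empty-password constants are real; the sample lines are constructed with placeholder hashes and the function names are my own.

```python
"""Added example: structural audit of pwdump-style records (no cracking).
Not the thread's code."""
from collections import defaultdict

EMPTY_LM_HALF = "aad3b435b51404ee"              # LM hash of an empty 7-char half
EMPTY_LM = EMPTY_LM_HALF * 2                    # LM hash of the empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"   # NT hash of the empty password

# Constructed sample in pwdump format (user:rid:lmhash:nthash:::). Every hash
# is a placeholder except the empty-password constants; the Patrick record is
# deliberately wrapped mid-hash, the way the thread's paste was.
SAMPLE = "\n".join([
    "admin:500:" + "1" * 16 + "2" * 16 + ":" + "a" * 32 + ":::",
    "Guest:501:" + EMPTY_LM + ":" + EMPTY_NT + ":::",
    "ltc:1007:" + "3" * 16 + EMPTY_LM_HALF + ":" + "b" * 32 + ":::",
    "Patrick:1008:" + "3" * 16 + EMPTY_LM_HALF + ":" + "b" * 29,
    "bbb:::",
    "svc:1009:" + EMPTY_LM + ":" + "c" * 32 + ":::",
])


def parse_pwdump(text):
    """Return {user: (rid, lm, nt)}. A record is complete only once it ends in
    ':::', so lines wrapped by a pager or forum are rejoined instead of dropped."""
    records, buf = {}, ""
    for line in text.splitlines():
        buf += line.strip()
        if not buf.endswith(":::"):
            continue
        fields = buf.split(":")
        buf = ""
        if len(fields) < 4:
            continue
        user, rid, lm, nt = fields[0], fields[1], fields[2].lower(), fields[3].lower()
        if len(lm) == 32 and len(nt) == 32:
            records[user] = (rid, lm, nt)
    return records


def audit_account(lm, nt):
    """Findings for one account derived purely from hash structure."""
    findings = []
    if nt == EMPTY_NT:
        findings.append("empty password")
    if lm == EMPTY_LM:
        findings.append("no LM hash stored")
    else:
        findings.append("LM hash stored: case-insensitive, two independent 7-char halves")
        if lm[16:] == EMPTY_LM_HALF:  # second half empty => password fits in the first half
            findings.append("password is 7 characters or fewer")
    return findings


def shared_passwords(records):
    """Groups of accounts whose NT hash is identical, i.e. the same password."""
    by_nt = defaultdict(list)
    for user, (_rid, _lm, nt) in records.items():
        by_nt[nt].append(user)
    return [sorted(users) for users in by_nt.values() if len(users) > 1]


def audit(text):
    """Per-account findings for a whole pwdump listing."""
    records = parse_pwdump(text)
    report = {user: audit_account(lm, nt) for user, (_r, lm, nt) in records.items()}
    for group in shared_passwords(records):
        for user in group:
            others = ", ".join(u for u in group if u != user)
            report[user].append("same password as " + others)
    return report


if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(f"{user:10s} {'; '.join(findings)}")
```

Run over a real listing, the "7 characters or fewer" and "same password as" findings are the accounts to fix first; the "no LM hash stored" case is the healthy one when LM storage is disabled.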
t0bban
I wish I had one of those hugeass tables =O
guinn3ss
good old tuto lol, j t r is the best for me
SIXX
QUOTE
Now, download a nice wordlist, it contains more than 15000000 words:
http://download.elcomsoft.com/english.zip



nice tutorial, but that link does not work any longer.

thx a lot biggrin.gif
t0bban
link doesn't work =O
Blackknight
I'll upload my wordlist when I get home tonight. It's roughly 70 MB with all duplicates removed.
gijukud6
Thank you black that would be REALLY nice.
I've long searched for a program that erases duplicates from txt files but never found one working tool.
---------
Is there a newer version of pwdump yet ?
I don't know, but sometimes the output file of pwdump has 0kb dry.gif
I tried batches but they won't work
SIXX
thx @ Blackknight

that would be fine! i wait hopefully tongue.gif
t0bban
QUOTE (gijukud6 @ Jul 23 2004, 01:08 PM)
I've long searched for a program that erases duplicates from txt files but never found one working tool.

Make one of your own then. It's really easy to do, either by VB code, C++ or C# or anything else... No biggie =)
Blackknight
Sorry for the delay but here is the wordlist I made up a few weeks ago.

Using the -rules switch with John the Ripper will give you even better results. If you use Windows, Cain and Abel has a very nice dictionary attack with functions similar to John's -rules.

Enjoy wink.gif
dando
how come u all get it in 4-5 hours [I even saw 1 hour]
and LC is taking me 10 hours?
my comp is slow maybe? [P4 1.4, 256 SDRAM]
maybe?
LKM
Thanks, fine wordlist.
dando
Guys
I brute-forced a hash
but all I got is this after 10 hours [4 hours remaining]
LM PASSWORD:
MEOLVPA???????
will this discover the whole password when it's done? cuz it's been like that for a few hours now [on the same letter]
Btw can anyone guess what the next letters are, cuz my English is not so good :)
[cuz in the document of LC4, they said that if u got half of the pass u should try looking at the pass and try to guess the next letters, like: SOME????>SOMEBODY
cool?]
thx in advance.
Blackknight
Dando just post the hashes or PM them to me so I can try.
dando
ok sry
look at your pm plz
thx.
ChRiiLLe
Just wondering if anyone can help me with this one? rolleyes.gif

rezen:1004:eef222e3fb4d118c67b65e921a3d7b9c:15d65c3c85a2f9aa89003351265af193:::


Caus' I've just started building my rainbow tables and that takes a while, and I'm in need of this one a long time before they're finished.. wink.gif
dando
sry mate, I got a lame comp
14 hours until cracking a pass and I already got 1 working
ask Blackknight
he's a kind fellow and he can crack it real fast [4 minutes man! 4 minutes, and mine takes 14 hours! lololol I'm so lame omg]
Blackknight
I was able to get the second half of the hash with my LM tables. The first half of the hash must have some very strange characters. Here is what I have so far.

???????&WMZH@

I guess I need to use all characters in my next set of tables.
w0bbes
nice post man, gonna try some!
Gotisch
I wonder what happens when you have chinese chars in you pass wink.gif
illwill
rezen <notfound>&WMZH@ hex:<notfound>26574d5a4840


maybe try that lcrack program to get the rest of the password
Blackknight
You can try John the Ripper for the rest of the hash. I would try john -i:all but it may take a lot longer than you care to wait. My tables are A-Z 0-9 ! @ # $ % ^ & * ( ) - _ + = with 99.90% probability. By tomorrow morning I will have 99.94% but I highly doubt that your hash will be found with my last two tables. If anyone would like to help generate 100+ tables we can do A-Z 0-9 ! @ # $ % ^ & * ( ) - _ + = ~ ` [ ] { } | \ : ; ' < > , . ? / with good probability. That would be 60-80 GB of tables ohmy.gif I'm not sure I really need that though.
gijukud6
Can anyone help me with this thing?
CODE
Administrator:500:57737bf0b68f187287c6a26088c49f1f:5f4e57fa86aff96bf56ac6571926c330:::


I only get ???????LAK

Please help me i've just 400MHz dry.gif
ChRiiLLe
Hmm.. How do i use John the ripper, and where do i find it? I've tried to use it but only got some error msg :/..

Btw, I think they may have used a Swedish character table, so maybe they have Å, Ä or Ö in the pass :/
Blackknight
gijukud6 it took my rainbow tables 33 seconds total to find the plaintext.

Administrator:500:57737bf0b68f187287c6a26088c49f1f:5f4e57fa86aff96bf56ac6571926c330:::

Plaintext: RJSEMFWLAK

ChRiiLLe you can find John the ripper here.
http://openwall.com/john/
For brute forcing you can use "john -i:all" for all characters or "john -i:alpha" for only alpha characters. If you have a wordlist you can use "john -w:yourwordlist.txt hash.txt"
ShouiZen
your rainbow table can crack passes of >8 characters? you took a long time to generate these tables
ChRiiLLe
Blackknight:

If i use that "all" does it include Å, Ä and Ö?
Blackknight
No ChRiiLLe it would not but you could make a custom character set instead.
asd10
nice work Blackknight, I wish I had tables like yours
IronEagle
i tried it!
MY results looked like this

Administrator:500:2848822810e16c51aad3b435b51404ee:f441f41aa59214cccc3d4ba5ed1550cc:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::

but I use LC4 and I loaded this into LC4 and every time LC4 gives me the same answer!

"There is an error accessing this file.
Either the file you are trying to load is not a valid LC4 saved session"

what have I done wrong!?

Stephen79
QUOTE (IronEagle @ Aug 9 2004, 01:39 PM)
i tried it!
MY results looked like this

Administrator:500:2848822810e16c51aad3b435b51404ee:f441f41aa59214cccc3d4ba5ed1550cc:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::

but I use LC4 and I loaded this into LC4 and every time LC4 gives me the same answer!

"There is an error accessing this file.
Either the file you are trying to load is not a valid LC4 saved session"

what have I done wrong!?

did you follow the guide and try Cain??


Plaintext of AAD3B435B51404EE is
Plaintext of 2848822810E16C51 is SYSTEM
Attack stopped!
2 of 2 hashes cracked

p/w: system


Plaintext of F441F41AA59214CCCC3D4BA5ED1550CC is system
Attack stopped!
1 of 1 hashes cracked
gijukud6
Hi.....
I cracked for ca. 5 hours. But I got loads of ??????
CODE

TsInternetUser:1003:7f68dfe3d056b708727faea69102ddcb:127b318ee60b508c02802cfec4e5a56f:::
washedup:1002:926fc26757c61ce1f7e62f36f8db5ae6:a8f92d8201722cbaf0960b46b84d1b59:::
Administrator:500:926fc26757c61ce1f7e62f36f8db5ae6:a8f92d8201722cbaf0960b46b84d1b59:::
fsadmin:1004:e02dc5887c08d5ff8e5d533411003c5c:ba1a4ef73b72fb4fe42567d921de7c88:::
IUSR_ADMIN_FS:1001:45972219bbe869943903d0d9e1d01f32:d403c5f72be983d50161cccdba0aa995:::
IWAM_ADMIN_FS:1000:05ec785c6b1efb7dbe3c90214cb95236:4c15a6d29ea3578b9478c1ba5dd17d34:::

I just get:
CODE

administrator: ???????I
fsadmin: ???????IN
IUSR_ADMIN_FS: NKZJGFC???????
IWAM_ADMIN_FS: F0O2KWL???????
TsInternetUser: ???????G6ATLPA
washedup: ???????I


maybe someone can help me with those hashes.
I used LC5

greetz
droplogic66
QUOTE (Blackknight @ Jul 31 2004, 07:01 PM)
gijukud6 it took my rainbow tables 33 seconds total to find the plaintext.

How long did it take you to generate those tables, blacknight?
manni
washedup net*muxi hex:6e65742a6d757869
Administrator net*muxi hex:6e65742a6d757869
fsadmin mfs*admin hex:6d66732a61646d696e
gijukud6
Thank you manni.
But can anyone crack this 2 hashes:
CODE

IUSR_ADMIN_FS:1001:45972219bbe869943903d0d9e1d01f32:d403c5f72be983d50161cccdba0aa995:::
IWAM_ADMIN_FS:1000:05ec785c6b1efb7dbe3c90214cb95236:4c15a6d29ea3578b9478c1ba5dd17d34:::
manni
u don't need them as they are user accounts from IIS or so
Blackknight
Just for kicks tongue.gif

statistics
-------------------------------------------------------
plaintext found: 10 of 10 (100.00%)
total disk access time: 267.07 s
total cryptanalysis time: 286.84 s
total chain walk step: 124435475
total false alarm: 292066
total chain walk step due to false alarm: 284849819

result
-------------------------------------------------------
TsInternetUser je-7IdeG6aTlpA hex:6a652d37496465473661546c7041
washedup net*muxi hex:6e65742a6d757869
Administrator net*muxi hex:6e65742a6d757869
fsadmin mfs*admin hex:6d66732a61646d696e
IUSR_ADMIN_FS nkzJGFcQ2v$6Mv hex:6e6b7a4a47466351327624364d76
IWAM_ADMIN_FS f0o2kWldY6@0Ie hex:66306f326b576c64593640304965
slimjim100
Guys,

I painfully read this whole thread before replying to make sure no one else had helped most of you. It looks like Blackknight has done a lot of what I was going to do for ya. I have made the LM tables too and I also have MD5, MD4, PIX, MySQL, and then some. Now what can you do to get rainbow tables? Well... a lot of groups out there are offering online crackers for a charge and others are charging for DVD copies of the tables. The best way to get the tables is to make them yourself or just form a group of your own and make them as a team. It is a proven fact that rainbow tables are much better than dictionary or brute force. I have made a team, www.midga.org, that is building an online MD5/LM cracker. We have got the cracker up and working but we are still making tables. We have opened membership to the group for about 10 new members with 1.6 GHz or better computers to help make more tables. If you want to join and have access to the online cracker, then hurry up and sign up to get your slot. After we get the next set of tables we will open registration again. Now if you have hashes you want tested just hop over to ( http://www.waraxe.us/forum/viewtopic.php?t=269 ) and post them and I will crack them for ya. Again it is best to make your own tables or form a group to do it. I hope this helps, and if you have any questions about Rainbow Crack just PM me and I will try to help.

Slimjim100
Invision Power Board © 2001-2005 Invision Power Services, Inc.