How to use BarsWF for Windows SAM passwords?

Moderator: BarsMonster

Post Reply [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
isofan
Posts: 5
Joined: Mon Mar 23, 2009 8:38 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

How to use BarsWF for Windows SAM passwords?

Post by isofan » Mon Mar 23, 2009 2:55 pm

Hello,

I am experimenting with different password recovery tools. For that purpose, I have setup a test machine and set a very simple Administrator Password (12345678).

First, I dump the passes in the SAM using pwdump, and I get a line that look exactly like this:
Administrator:500:0182BD0BD4444BF836077A718CCDF409:259745CB123A52AA2E693AAACCA2DB52:::

I have tried both hash values (the first one should be the "old" Net Manager hash, the second one the NTLM Hash. I can get the passwords using "john the ripper" from that line in seconds. But BarsWF fails on both hashes. Can you explain why? Is BarsWF incompatible with this kind of hashes, and how can I make it compatible?

Thanks for any explanation.

Master_of_Erdinger
Posts: 20
Joined: Mon Mar 23, 2009 3:01 pm
Location: Germany
Contact:

Re: How to use BarsWF for Windows SAM passwords?

Post by Master_of_Erdinger » Mon Mar 23, 2009 3:09 pm

AFAIK the answer is quite simple:
These hashes aren't MD5 hashes. But BarsWF is a oder the MD5 "cracker".
Its like you try to push an elephant trough a door: It doesn#t fit. ;)


And a big HI to you and the rest of the community, finally I managed to register..
I couldnt resist to erase / ;)

isofan
Posts: 5
Joined: Mon Mar 23, 2009 8:38 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: How to use BarsWF for Windows SAM passwords?

Post by isofan » Mon Mar 23, 2009 3:12 pm

Hi,

thanks alot for your answer, I was already assuming this. So the question is: will there be a CUDA-enabled version in order to retrieve Windows (XP; Vista) System passwords? Or is there another program that fast in order to retrieve these passes?

Another question would be: which popular programs or systems use MD5 hashes? I'd like to generate some passes from real-world applications and try how fast I can decode them using BarsWF :)

Master_of_Erdinger
Posts: 20
Joined: Mon Mar 23, 2009 3:01 pm
Location: Germany
Contact:

Re: How to use BarsWF for Windows SAM passwords?

Post by Master_of_Erdinger » Mon Mar 23, 2009 3:24 pm

Websites often use MD5 hashes to check passwords. But its a bit more complicated to get these hashes.
In case I am using my Linux-Box at the moment I can't list you some Tools, but as far as i remember, reading the passwords isn't that easy.
I believe they are somewhere in the Kernel, so you need to infiltrate your Windows from another system. Then I don't know in which way they are encrypted.
If it's like Microsoft always do, the Passwords are in plain text :D

Sorry i can't help you with this. I do not know anything about Windows passwords.

Greets

User avatar
LordMike
Posts: 184
Joined: Tue Feb 10, 2009 8:34 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: How to use BarsWF for Windows SAM passwords?

Post by LordMike » Tue Apr 07, 2009 4:11 pm

What you're asking for, is LM and NTLM cracking.
It's on the wishlist. BarsFW asked for simple C code (To compile into Cubin (CUDA code)).

Until this is delivered, it won't ever be implemented.

x4d3
Posts: 29
Joined: Tue Oct 14, 2008 4:10 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: How to use BarsWF for Windows SAM passwords?

Post by x4d3 » Tue Apr 07, 2009 10:37 pm


io2345
Posts: 2
Joined: Fri Apr 10, 2009 3:12 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: How to use BarsWF for Windows SAM passwords?

Post by io2345 » Fri Apr 10, 2009 3:19 pm

Is that really true, that you only need the second 32-digit hash-part of the PWDUMP-Output, or do you need both passwords for both hashes and have to combine them?
As I don't own a "newer" Graphic Card, I would like to have a SSE2-Version of NTLM-BarsWF (time isn't a matter for me...)

x4d3
Posts: 29
Joined: Tue Oct 14, 2008 4:10 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: How to use BarsWF for Windows SAM passwords?

Post by x4d3 » Fri Apr 10, 2009 4:06 pm

io2345 wrote:Is that really true, that you only need the second 32-digit hash-part of the PWDUMP-Output, or do you need both passwords for both hashes and have to combine them?
As I don't own a "newer" Graphic Card, I would like to have a SSE2-Version of NTLM-BarsWF (time isn't a matter for me...)
Correct. Only the second 32bit hash. The other hash is LM hash, which you can crack with rainbow tables in a matter of minutes.

For now I have no plans to implement the SSE2-version of NTLM. Even properly implemented, it is a LOT slower than any cheap nvidia card.

Alluz
Posts: 4
Joined: Tue Jan 13, 2009 9:55 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: How to use BarsWF for Windows SAM passwords?

Post by Alluz » Thu Apr 16, 2009 12:28 am

First, try to crack LM hashes instead NTLM, because, LM strip the password in two parts of seven chars, and then, encrypt every one.
By default, windows 2k,2k3 and xp, stores LM hashes.

PD: Try EDPR for LM cracking.

io2345
Posts: 2
Joined: Fri Apr 10, 2009 3:12 pm
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: How to use BarsWF for Windows SAM passwords?

Post by io2345 » Fri Apr 24, 2009 5:38 am

I don't really have a clue, what the -FIELD (192 or 256) Variable of the NTLM_CUDA-EXE is used for. Has that anything to do with the length of the password?
Take time for your answer. As I am on 32MHashes/s (Nvidia 8400GS), and the password probably has 10 digits, this will take a loooong time...

User avatar
LordMike
Posts: 184
Joined: Tue Feb 10, 2009 8:34 am
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Re: How to use BarsWF for Windows SAM passwords?

Post by LordMike » Fri Apr 24, 2009 1:17 pm

That sounds more like the number of SP's used... ?... Though I'm no expert on this :P

It seems highly unlikely that something as general, as CUDA, would
include a variable for 'password length' in their app... I mean,
folding@home doesn't break passwords :P

Post Reply
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable

Who is online

Users browsing this forum: No registered users and 1 guest