Monday, October 24, 2016

ophcrack and jtr coexisting notes

 when using ophcrack, do not specify lmhash, as --pwdformat ophc will  
 place the lmhashes and nthashes in the same file for use by ophcrack.  
 python ~/ntdsxtract/ ~/domain.export/datatable.3 ~/domain.export/link_table.4 ~/temp \  
 --passwordhistory --passwordhashes --ntoutfile ~/domain.oph/domain-nthash.oph --pwdformat ophc --syshive ~/broadway/system  
 when running ophcrack via a cracking rig, here's the format:  
 # ophcrack -v -g -u -n 7 -l ~/oph/domain-nthash.log -o ~/oph/domain-nthash.cracked -d /usr/share/ophcrack/ \  
  -t vista_free:vista_proba_free:xp_free_fast:xp_german:vista_num:vista_special:xp_free_small \  
  -f ~/oph/domain-nthash.oph  
 -l log of work  
 -o cracked passwords. this is basically the oph file with the lanman and nt passes appended at the end.  
 -d location of rainbow tables  
 -t are the rainbow table directories  
 -f the oph hash file  
 let's say you've already run your grabbed hashes through john and want to crack the  
 leftovers via ophcrack.  
 # ./john --show=LEFT --format=nt nthash.out | grep -v "password hashes" | cut -d":" -f1,2 | \  
 sort -u > domain-nthash.sort && sed -i 's/:/::/g' domain-nthash.sort  
 # sort -u domain-nthash.oph > domain-nthash.oph-sort && mv domain-nthash.oph-sort domain-nthash.oph  
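 # gawk -F:: '  
    # first file: remember the usernames john left uncracked  
    FNR==NR {a[NR]=$1; next};  
    # second file: index each oph line by username  
    {b[$1]=$0}  
    END{for (i in a) if (a[i] in b) print b[a[i]]}  
  ' domain-nthash.sort domain-nthash.oph | sort -u > domain-nthash.oph.sort-new &&  
  mv domain-nthash.oph.sort-new domain-nthash.oph  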
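
 added example (not from the original notes): the leftover filter as a reusable shell function, run on constructed sample data, which also copes with an empty leftover list and only matches whole usernames. it assumes john --show=LEFT prints user:$NT$hash and that the oph lines look like user::lm:nt:sid::; the function names, file names and sample values are made up for illustration.

```shell
#!/bin/sh
# oph_leftovers LEFT_FILE OPH_FILE
#   LEFT_FILE: output of john --show=LEFT, lines like user:$NT$<hash>
#   OPH_FILE : ophcrack-format lines, assumed user::<lm>:<nt>:<sid>::
# Prints the OPH_FILE lines whose account name is still uncracked.
oph_leftovers() {
    left=$1 oph=$2
    awk -v left="$left" '
        BEGIN {
            # Load the leftover names up front; unlike FNR==NR this is
            # still correct when LEFT_FILE is empty.
            while ((getline line < left) > 0) {
                if (index(line, ":") == 0) continue   # blank/summary line
                split(line, f, ":")
                want[f[1]] = 1
            }
            close(left)
        }
        {
            # Account name = text before the first "::"; exact match only.
            i = index($0, "::")
            if (i > 1 && (substr($0, 1, i - 1) in want)) print
        }
    ' "$oph" | sort -u
}

# Constructed sample data: dummy hex strings and SIDs, not real hashes.
make_sample() {
    dir=$1 z=00000000000000000000000000000000
    printf '%s\n' 'bob:$NT$22222222222222222222222222222222' \
        'carol:$NT$33333333333333333333333333333333' \
        '' '2 password hashes cracked, 2 left' > "$dir/left.txt"
    printf '%s\n' "alice::$z:11111111111111111111111111111111:S-1-5-21-1-2-3-1001::" \
        "bob::$z:22222222222222222222222222222222:S-1-5-21-1-2-3-1002::" \
        "bobby::$z:44444444444444444444444444444444:S-1-5-21-1-2-3-1004::" \
        "carol::$z:33333333333333333333333333333333:S-1-5-21-1-2-3-1003::" \
        > "$dir/domain-nthash.oph"
}

d=$(mktemp -d) && make_sample "$d" &&
    oph_leftovers "$d/left.txt" "$d/domain-nthash.oph"   # bob and carol only
rm -rf "$d"
```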