Monday, October 24, 2016

ophcrack and jtr coexisting notes


 when using ophcrack with dsusers.py, do not specify lmhash: dsusers.py will  
 place the lmhashes and nthashes in the same file for use by ophcrack.  
   
 python ~/ntdsxtract/dsusers.py ~/domain.export/datatable.3 ~/domain.export/link_table.4 ~/temp \  
 --passwordhistory --passwordhashes --ntoutfile ~/domain.oph/domain-nthash.oph --pwdformat ophc --syshive ~/broadway/system  
   
 when running ophcrack via a cracking rig, here's the format:  
   
 # ophcrack -v -g -u -n 7 -l ~/oph/domain-nthash.log -o ~/oph/domain-nthash.cracked -d /usr/share/ophcrack/ \  
  -t vista_free:vista_proba_free:xp_free_fast:xp_german:vista_num:vista_special:xp_free_small \  
  -f ~/oph/domain-nthash.oph  
   
 -l log of work  
 -o cracked passwords. this is basically the oph file with the lanman and nt passes appended at the end.  
 -d location of rainbow tables  
 -t the rainbow table directories, separated by colons  
 -f the oph hash file  
   
 let's say you've already run your grabbed hashes through john and want to crack the  
 leftovers via ophcrack.  
   
 # ./john --show=LEFT --format=nt nthash.out | grep -v "password hashes" | cut -d":" -f1,2 | \  
 sort -u > domain-nthash.sort && sed -i 's/:/::/g' domain-nthash.sort  
   
 # sort -u domain-nthash.oph > domain-nthash.oph-sort && mv domain-nthash.oph-sort domain-nthash.oph  
   
 # gawk -F:: '  
    FNR==NR {a[NR]=$1; next};  
    {b[$1]=$0}  
    END{for (i in a) if (a[i] in b) print b[a[i]]}  
  ' domain-nthash.sort domain-nthash.oph | sort -u > domain-nthash.oph.sort-new && mv domain-nthash.oph.sort-new domain-nthash.oph  
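
A check to run before the final mv overwrites the oph file, added here as an example and not part of the original notes: the join silently drops any leftover user that has no matching line in the oph file, so those accounts would never be tested. The function names, the sample values and the assumed line formats (`user::nthash` and `user::lmhash:nthash:::`) are illustrative.

```sh
#!/bin/sh
# Assumed formats: leftover list "user::nthash" (after the sed step),
# oph file "user::lmhash:nthash:::". Every value below is constructed.
# pass=1/pass=2 markers are used instead of FNR==NR so an empty first
# file does not make awk treat the second file as the first.

# oph lines for users still uncracked (same selection as the gawk join).
filter_oph() {        # $1 = leftover list, $2 = oph file
    awk -F'::' 'pass == 1 { want[$1] = 1; next }
                ($1 in want)' pass=1 "$1" pass=2 "$2" | sort -u
}

# Leftover users with no line in the oph file; the join drops them silently.
unmatched_users() {   # $1 = leftover list, $2 = oph file
    awk -F'::' 'pass == 1 { have[$1] = 1; next }
                !($1 in have) { print $1 }' pass=1 "$2" pass=2 "$1" | sort -u
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

LM=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa      # constructed placeholder hashes
NT1=11111111111111111111111111111111
NT2=22222222222222222222222222222222
NT3=33333333333333333333333333333333
ALICE_OPH="alice::$LM:$NT1:::"

# john left alice and carol uncracked; carol has no line in the oph file.
printf '%s\n' "alice::$NT1" "carol::$NT3" > "$work/left"
printf '%s\n' "$ALICE_OPH" "bob::$LM:$NT2:::" > "$work/oph"

echo "send to ophcrack:";      filter_oph "$work/left" "$work/oph"
echo "missing from oph file:"; unmatched_users "$work/left" "$work/oph"
```

If the second list is not empty, compare the user name spelling in both files before starting the ophcrack run.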
