When using ophcrack with dsusers.py, do not specify lmhash: dsusers.py will
place the LM hashes and NT hashes in the same file for use by ophcrack.
python ~/ntdsxtract/dsusers.py ~/domain.export/datatable.3 ~/domain.export/link_table.4 ~/temp \
--passwordhistory --passwordhashes --ntoutfile ~/domain.oph/domain-nthash.oph --pwdformat ophc --syshive ~/broadway/system
When running ophcrack on a cracking rig, this is the format:
# ophcrack -v -g -u -n 7 -l ~/oph/domain-nthash.log -o ~/oph/domain-nthash.cracked -d /usr/share/ophcrack/ \
-t vista_free:vista_proba_free:xp_free_fast:xp_german:vista_num:vista_special:xp_free_small \
-f ~/oph/domain-nthash.oph
-l log of work
-o cracked passwords. This is basically the oph file with the LanMan and NT passwords appended at the end.
-d location of the rainbow tables
-t the rainbow table directories
-f the oph hash file
Let's say you've already run your grabbed hashes through john and want to crack the
leftovers via ophcrack:
# ./john --show=LEFT --format=nt nthash.out | grep -v "password hashes" | cut -d":" -f1,2 | \
sort -u > domain-nthash.sort && sed -i 's/:/::/g' domain-nthash.sort
# sort -u domain-nthash.oph > domain-nthash.oph-sort && mv domain-nthash.oph-sort domain-nthash.oph
# gawk -F:: '
FNR==NR {a[NR]=$1; next};
{b[$1]=$0}
END{for (i in a) if (a[i] in b) print b[a[i]]}
' domain-nthash.sort domain-nthash.oph | sort -u > domain-nthash.oph.sort-new && mv domain-nthash.oph.sort-new domain-nthash.oph
Monday, October 24, 2016
ophcrack and jtr coexisting notes