(08-30-2013, 02:59 AM)PnkPanther Wrote:(08-30-2013, 01:28 AM)magnum Wrote: It's not a bad hash. The problem is that the salt (username + domainname) is longer than the (optimized) max of 27 characters. JtR can crack it using the CPU format but not the GPU one.
Are you sure? I've tried john --format=netntlmv2 /root/Desktop/hash with the following and get "No password hashes loaded (see FAQ)".
Yeah I'm sure, it's still in my console buffer:
Code:
$ ../run/john test
ntlmv2-opencl: One or more hashes rejected due to salt length limitation.
Max supported sum of Username + Domainname lengths is 27 characters.
Try the CPU format for those.
Loaded 1 password hash (netntlmv2, NTLMv2 C/R [MD4 HMAC-MD5 32/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
Newpass8 (Administrator)
1g 0:00:00:00 DONE (2013-08-30 01:21) 5.263g/s 666310p/s 666310c/s 666310C/s Newpass8
Use the "--show" option to display all of the cracked passwords reliably
Session completedI did remove the binary crap that epixoip mentioned. I tried pasting the correct one here but the forum re-adds the binary crap at the line wrap.