Pwdump Companion Website


I've been studying encryption and password hashing for some time now, and as a project, I decided to make a database in the same style as the one that powers md5lookup.com, but for a different algorithm. Since this was a test, I decided to choose a much easier, and smaller hash method, to reduce the size I would have to hold, as well as the time it would take to make the database. To that end, I chose the Lanman hash that older versions of Windows used, due to it being relatively easy to compute, plus I could use it myself.

Well, just to look up words from LM hashes didn't seem enough, so I thought about how to make it work even better, and decided that, once a word was found with the LM database, I could do some munging to the text in it, and discover the NTLM hash that matched the correct case. So, I did.

The end result is my pwdump companion website: http://skinnywhiteguy.ath.cx

Since this website has a few tools that make using pwdump on computers a little easier, I figure everyone who has those logs might want a way to easily discover what is behind those prompts. At least, I figured I would, so I figured I would share my new toy with others. When you run pwdump, you get a few lines of output, one for each user on the machine. Just take one of those lines (that actually has output for LM and NT hashes), paste it into the input box on the website above, and hit the Enter button. If it's stored in my database, you will find the plaintext version of the password.

The current character set I'm using is:

0 - 5 : All Chars allowed by LM (look in the Hak5 wiki for a list of those)

6 : Alpha & Numeric

7 : Alpha

And, given how LM works, those apply for the next 7 too, so 8-12 also have all chars, etc...

The entire database only takes up 68GB of data, so it's not even that huge. I can't remember how big a relative Rainbow Table is, but this provides instant lookup, and I have a feeling it is pretty close on size, so it will work for my purposes.

Just as a general note, this is hosted on a virtual machine on my home connection, which is dialup, so it is likely to be up and down at random times. Please be nice to my box, I'd hate to lose any of this.

As it was given to me by Jason Davis, I also offer up the source to the utils that made the data files for this project, and will gladly try to help anyone interested in doing this with another algorithm. It only took me around 1 day to make the database I have now, and that was through an emulated machine, so I can only imagine how fast a complete hardware solution would be. Until I get a better connection, I'll be trying to email the utils to interested parties. Just shoot me a line here, and let me know.

Have fun, and happy hacking.
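
A defensive use of the same pwdump output, as an added example that is not part of the original post or the author's tools: it audits which accounts still have an LM hash stored, and which of those expose a password of at most 7 characters through an empty second LM half. The function names and the sample lines are assumptions constructed for this example; the `user:rid:lmhash:nthash:::` layout is the usual pwdump line format.

```python
import re

# Well-known constants: the LM hash of an empty 7-character half, and the
# NT hash of the empty password.
EMPTY_LM_HALF = "aad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"^[0-9a-f]{32}$")

def audit_line(line):
    """Classify one pwdump-style line: user:rid:lmhash:nthash:::"""
    fields = line.strip().split(":")
    if len(fields) < 4:
        return None  # not an account line
    user, rid = fields[0], fields[1]
    lm, nt = fields[2].lower(), fields[3].lower()
    finding = {"user": user, "rid": rid, "lm_stored": False,
               "max_len_7": False, "empty_password": nt == EMPTY_NT}
    # An LM field that is not 32 hex digits is treated as "no LM hash stored".
    if HEX32.match(lm):
        first, second = lm[:16], lm[16:]
        # Two empty halves mean no usable LM hash is kept for this account.
        finding["lm_stored"] = not (first == EMPTY_LM_HALF and second == EMPTY_LM_HALF)
        # LM hashes each 7-character half separately, so an empty second
        # half shows the password is at most 7 characters long.
        finding["max_len_7"] = finding["lm_stored"] and second == EMPTY_LM_HALF
    return finding

def audit(dump_text):
    """Audit every non-blank line of a pwdump-style dump."""
    results = [audit_line(l) for l in dump_text.splitlines() if l.strip()]
    return [r for r in results if r is not None]

# Constructed sample input. Apart from the two well-known constants, the hex
# values are placeholders and not hashes of any real password.
SAMPLE = """\
alice:1001:0123456789abcdefaad3b435b51404ee:00112233445566778899aabbccddeeff:::
bob:1002:0123456789abcdeffedcba9876543210:ffeeddccbbaa99887766554433221100:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:8899aabbccddeeff0011223344556677:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""

if __name__ == "__main__":
    for r in audit(SAMPLE):
        print(r)
```

Accounts reported with `lm_stored` set are the ones a lookup database like the one described above applies to; disabling LM hash storage and changing those passwords removes them from the report.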
