mleo2003 Posted March 24, 2008 Share Posted March 24, 2008 I've been studying encryption and password hashing for sometime now, and as a project, I decided to make a database in the same style as the one that powers md5lookup.com, but for a different algorithm. Since this was a test, I decided to choose a much easier, and smaller hash method, to reduce the size I would have to hold, as well as the time it would take to make the database. To that end, I chose the Lanman hash, that older versions of Windows used, due to it being relatively easy to compute, plus I could use it myself. Well, just to lookup words from LM hashes didn't seem enough, so I thought about how to make it work even better, and decided that, once a word was found with the LM database, I could do some munging to the text in it, and discover the NTLM hash that matched the correct case. So, I did. The end result is my pwdump companion website: http://skinnywhiteguy.ath.cx Since this website has a few tools that make using pwdump on computers a little easier, I figure everyone who has those logs might want a way to easily discover what is behind those prompts. At least, I figured I would, so I figured I would share my new toy with others. When you run pwdump, you get a few lines of output, one for each user on the machine. Just take one of those lines (that actually has output for LM and NT hashes), paste it into the input box on the website above, and hit the Enter button. If it's stored in my database, you will find the plaintext version of the password. The current character set I'm using is: 0 - 5 : All Chars allowed by LM (look in the Hak5 wiki for a list of those) 6 : Alpha & Numeric 7 : Alpha And, given how LM works, those apply for the next 7 too, so 8-12 also have all chars, etc... The entire database only takes up 68GB of data, so it's not even that huge. I can't remember how big a relative Rainbow Table is, but this provides instant lookup, and I have a feeling it is pretty close on size, so it will work for my purposes. Just as a general note, this is hosted on a virtual machine on my home connection, which is dialup, so it is likely to be up and down at random times. Please be nice to my box, I'd hate to lose any of this. As it was given to me by Jason Davis, I also offer up the source to the utils that made the data files for this project, and will gladly try to help anyone interested in doing this with another algorithm. It only took me around 1 day to make the database I have now, and that was through an emulated machine, so I can only imagine how fast a complete hardware solution would be. Until I get a better connection, I'll be trying email the utils to interested parties. Just shoot me a line here, and let me know. Have fun, and happy hacking. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.