Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Passwords with Lan Manager (LM) under Windows
From: "Craig Wright" <cwright () bdosyd com au>
Date: Thu, 22 Sep 2005 05:32:20 +1000

Even NTLMv2  will break the hashing into chunks which are able to be individually broken down. Consider Lanman gone - 
as it is the tables are completely finished for lanman with ANY combination of Alt+xxx chars
NTLM is close to completion
A 255 char NTLM v2 password is easy as it is derived in chunks as I posted previously - each of these can be checked 
individually in a table
I can load the complete lanman tables on my laptop - so why should I care about John or something else? The simple 
answer is - I get the raw hash - I have your password

        -----Original Message----- 
        From: Tim [mailto:pand0ra.usa () gmail com] 
        Sent: Wed 21/09/2005 3:55 AM 
        To: pen-test () securityfocus com 
        Subject: Re: Passwords with Lan Manager (LM) under Windows
The hash is not case sensitive, everything is pushed to uppercase.
As for the 142 Chars I know it supports 0-9,A-Z,special chars, and
some Alt-ASCII characters but I don't know to what extent.

On 9/20/05, Cedric.Baechler () vtg admin ch <Cedric.Baechler () vtg admin ch> wrote:

Lan Manager (LM) is one of the oldest authentication protocols that Microsoft has used. It was first introduced with 
Windows 3.11 and is not very secureThe hash is case-insensitive.

* The character set is limited to 142 characters.
* The hash is broken down into 2-7 character chunks. If the password is shorter than 14 characters, the password will 
be padded with nulls to get the password to 14 characters.
* The hash result is a 128-bit value.
* The hash is one-way function.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]