Technology Insights

Compile John the Ripper on x86-64 CentOS with the Jumbo Patch

I am getting ready for a password contest at Defcon that Alex and I and a few other guys from the Hashcat team are going to enter, and I decided to install John the Ripper on a CentOS box in case I needed it for anything. John is in the yum repos; however, the version is pretty old and it is not compiled with NTLM support, so I decided to build it from source so that I could apply the Jumbo patch, which adds support for a whole lot of different algorithms that are normally only available in the pro version of John the Ripper.

Below I show the steps I took to get it compiled and working on CentOS 64-bit:

Information Security

OCLHashcat: Multi GPU Password Cracking on Linux using Open CL

Recently some pretty major advances have come around in the world of GPU-based hash cracking. Up until now there was not much for Linux that would utilize multiple GPUs to crack password hashes. This has been changed with the release of Oclhashcat. The release of oclhashcat signifies a significant jump in speed on Linux-based GPU systems. There is also a CPU-based version called hashcat, but for this article I will be reviewing oclhashcat.

Technology Errors

make: *** No rule to make target -largtable2, needed by ../../bin/linux/release/CUDA-Multiforcer. Stop.

When attempting to compile the CUDA Multiforcer on CentOS Linux I ran into an error because the argtable2 package was not installed on the server. The CUDA Multiforcer application is a security audit tool used to check the strength of MD4, MD5, NTLM, and SHA1 password hashes. The CUDA Multiforcer attempts to brute force one of those types of hashes by attempting every combination of characters specified, such as lowercase-only characters, lowercase characters and numbers, etc. This tool can be extremely beneficial for checking the strength of user passwords for various operating systems and/or applications that store their passwords in an MD4, MD5, NTLM, or SHA1 hash. As you can see in the error below, the issue appears to be with argtable2, which is not a package available in the default yum repositories on CentOS. Below I display the error and describe what repository to install to be able to use yum to install the argtable2 RPM package.

Technology Insights

Dumping NTLM Hashes from Windows with Fgdump

With the release of the new Question-Defense online NTLM, MD5 and MD4 cracker I decided to write a quick how-to on grabbing the hashes from a Windows system. In order for this to work you need at least one username and logon of a user with admin privileges. I may in the future write an article on how to escalate your privileges from a user to an admin, but for the sake of this article I will assume you know at least one admin user logon.