lm2ntcrack

From the README…

This program provides a simple way to instantly crack Microsoft Windows NT hashes (MD4) when the LM password is known.

This program must be used with the password cracker John the Ripper.

I've often encountered a problem during Windows penetration testing and password assessment.

On the one hand, running my favourite password cracker for a few minutes on the dumped Windows password hashes cracks many LM passwords, but a cracked password cannot be used as is (it is the uppercase version of the Windows password).

On the other hand, password cracking on the NT hash is quite long, and after a few days it cracks only some passwords.

Here is my big deal. I've got the LM password, but it is only in uppercase because LM hashes are not case sensitive. So these passwords cannot be reused in this form.

* Example: Password cracker output for “Administrator” account :
⇒ LM password is ADMINISTRAT0R.
⇒ NT password is ?????????????.

I'm not so lucky because the case-sensitive password isn't “administrat0r” or “Administrat0r”. So I cannot use this to connect to the audited Windows system.

This password contains 13 characters, but launching my password cracker on the NT hash is a waste of time and there is a poor chance of success.

* Note :
13 characters : 1 number + 12 case-sensitive letters ⇒ 2^12 = 4096 choices (DAMN IT, I cannot test them all manually)

… I need a TOOL !!!! Not a magic one but a simple tool which can do this task for me.

In this example, “lm2ntcrack” will generate the 4096 possibilities for the password “ADMINISTRAT0R” and, for each one, the associated NT MD4 hash. Then it searches for a match with the dumped hash.

Estimated time : < 2 seconds to crack more than 1200 NT Hashes (it is very fast instead of Perl !!! lol)

Enjoy !!!!

As this script is a long one here is a link to download the tarball rather than include the full thing.

Download lm2ntcrack

Submitted by Yannick Hamon

The original, and probably latest version, of this script can be found at the lm2ntcrack homepage.