|
It is currently 30 Jul 2010, 11:57
| Author |
Message |
|
neinbrucke
|
Post subject: Re: LM hashes and accents Posted: 03 Oct 2009, 19:45 |
Joined: 30 Mar 2008, 15:37 Posts: 847
|
that depends on whether cp1250 is actually used on their windows versions...  and it's no use generating such LM tables yourself anyway... (too much work)
|
|
|
|
 |
|
neinbrucke
|
Post subject: Re: LM hashes and accents Posted: 03 Oct 2009, 19:47 |
Joined: 30 Mar 2008, 15:37 Posts: 847
|
|
btw, it is not about 'windows code page', but about 'oem code page', so 1250 is not used
|
|
|
|
 |
|
quel
|
Post subject: Re: LM hashes and accents Posted: 03 Oct 2009, 19:54 |
Joined: 15 Jul 2009, 22:38 Posts: 363
|
neinbrucke wrote: btw, it is not about 'windows code page', but about 'oem code page', so 1250 is not used

Ah so I should be looking at cp852?
|
|
|
|
 |
|
neinbrucke
|
Post subject: Re: LM hashes and accents Posted: 03 Oct 2009, 20:33 |
Joined: 30 Mar 2008, 15:37 Posts: 847
|
maybe... i'm not sure that oem codepage is actually set as default codepage on romanian systems... if i look at http://msdn.microsoft.com/nl-nl/gogloba ... us%29.aspx there doesn't seem to be a localized version of windows for romania. So that most likely just gives them 437 or 850. 852 wouldn't be an odd choice though  i have overviews of the mappings for every character for a lot of codepages already, maybe i rewrite my lm2ntlm unicode corrector so that it takes mappings per codepage file... might be a good way to distribute this data. although iconv might actually do all you need...
|
|
|
|
 |
|
quel
|
Post subject: Re: LM hashes and accents Posted: 03 Oct 2009, 22:42 |
Joined: 15 Jul 2009, 22:38 Posts: 363
|
_haxxor_ wrote:
Romanian - ĂăÂâÎŢţ
Albanian - ÇçËë
Azerbaijani - ÄäÇçƏəĞğIıİiÖöŞşÜü
Basque - Ññ
Belarusian - ĆćČčŃńŚśŠšŬŭŹźŽž
Bosnian - ĆćČčĐđŠšŽž
Catalan - Çç
Croatian - ČčĆćĐđŠšŽž
Czech - ÁáČčĎďÉéĚěÍíŇňÓóŘřŠšŤťÚúŮůÝýŽž
Hungarian - ÁáÉéÍíÓóÖöŐőÚúÜüŰű
Polish - ĄąĆćĘęŁłŃńÓóŚśŹźŻż
Serbian - ČčĆćĐđŠšŽž
Turkish - ÇçĞğIıİiÖöŞşÜü
Danish - ÆæØøÅå
German - ÄäÖöÜüß
Estonian - ŠšŽžÕõÄäÖöÜü
Finnish - ÅåÄäÖö
French - ŒœÆæÀàÂâÇçÉéÈèÊêËëÎîÏïÔôÛûÙùÜüŸÿ
Gagauz - ÄäÇçÊêIıİiÖŞŢÜ
Icelandic - ÁÐÉÍÓÚÝÞÆÖáðéíóúýþæö
Italian - ÀàÁáÉéÈèÌìÎîÒòÙù
I can't edit the rainbow crack "charset.txt" in order to generate let's say numeric-ro-space = [0123456789ĂÂÎŞŢ ] because if I save the file in unicode format, winrtgen or rainbow crack can't read it. What am i doing wrong ? LE: btw i'm trying to generate LM & md5 tables.

Could you provide a non-unicode text file with Romanian characters in it based on the local character encoding?
|
|
|
|
 |
|
Sc00bz
|
Post subject: Re: LM hashes and accents Posted: 04 Oct 2009, 00:59 |
Joined: 03 Dec 2007, 11:37 Posts: 725
|
You guys are missing what is happening. Also saying the character set is this does not mean anything: numeric-ro-space = [0123456789ĂÂÎŞŢ ]
There is a conversion with LM from the Unicode value (0x000000 to 0x10FFFF) to an 8 bit value (0x00 to 0xFF) and the "charset.txt" can only handle 8 bit values (this is good for LM). Now if you could give me a LM hash that is just one character for each of the characters you want in your character set then it will be very easy to figure out what the character set should be. Also rcrack and everything that uses its code does not support Unicode characters with values higher than 255 (0xFF) because the conversion from "charset.txt" to UTF-16 is to concatenate a null character. These are all the valid NTLM characters that rcrack supports (dots are invalid characters for passwords, please correct me if I'm wrong on any of these invalid characters).
   0123456789ABCDEF
0? ................
1? ................
2?  !"#$%&'()*+,-./ <--- . is the actual character for 0x2E
3? 0123456789:;<=>?
4? @ABCDEFGHIJKLMNO
5? PQRSTUVWXYZ[\]^_
6? `abcdefghijklmno
7? pqrstuvwxyz{|}~
8? ................
9? ................
A? ¡¢£¤¥¦§¨©ª«¬®¯ <--- don't ask me why "soft hyphen" is not showing up
B? °±²³´µ¶·¸¹º»¼½¾¿      because it is there and should look like this ¬-®
C? ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏ
D? ÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞß
E? àáâãäåæçèéêëìíîï
F? ðñòóôõö÷øùúûüýþÿ
_________________ http://www.tobtu.com/
|
|
|
|
 |
|
neinbrucke
|
Post subject: Re: LM hashes and accents Posted: 04 Oct 2009, 08:53 |
Joined: 30 Mar 2008, 15:37 Posts: 847
|
we are not missing the point here... quel is converting the characters to other code pages (1 byte values) using 'iconv'... also i have a list of like all the mappings from unicode to 1 byte value, per code page. And indeed, the rcrack's don't take unicode, they fake it for ntlm 
|
|
|
|
 |
|
pointp
|
Post subject: Re: LM hashes and accents Posted: 04 Oct 2009, 14:26 |
Joined: 18 Oct 2007, 19:30 Posts: 323
|
Quote: French - ŒœÆæÀàÂâÇçÉéÈèÊêËëÎîÏïÔôÛûÙùÜüŸÿ

Just something i wanna add : we (french ppl) never use Ÿÿ.
|
|
|
|
 |
|
GLOBUS
|
Post subject: Re: LM hashes and accents Posted: 04 Oct 2009, 16:51 |
Joined: 17 Jun 2008, 11:00 Posts: 46
|
rcrack "c:\Program Files\Cain\Winrtgen\lm\*.rt" -l lm >dump
traversing rt group #0 for 9 hashes (remain = 0, traversed = 0, skipped = 0)
disk: c:\Program Files\Cain\Winrtgen\lm\lm_byte#1-1_0_100x40000_oxid#000.rt: 640000 bytes read
disk: finished reading all files
searching for 9 hashes...
plaintext of 1bae07902550b288 is ŕ
plaintext of 438b8ac8e2da0221 is Ť
plaintext of 44595b264834253b is ˝
plaintext of 6e46bfbe6c2e2238 is ¨
plaintext of c2d690aa41cc1533 is —
plaintext of c43194b3487f5a36 is Ź
plaintext of c48b5514ed57f406 is ť
plaintext of f1048d80ea01263b is ¤
plaintext of fa53ea39107c5a18 is ă

statistics
-------------------------------------------------------
plaintext found: 9 of 9
total time: 0.05 s
time of chain traverse: 0.03 s
time of alarm check: 0.00 s
time of wait: 0.00 s
time of other operation: 0.01 s
time of disk read: 0.00 s
hash & reduce calculation of chain traverse: 43659
hash & reduce calculation of alarm check: 704
number of alarm: 704
speed of chain traverse: 1.36 million/s
speed of alarm check: 59889696578085168000000000000000000.00 million/s

result
-------------------------------------------------------
f1048d80ea01263b ¤ hex:a4
c43194b3487f5a36 Ź hex:8f
6e46bfbe6c2e2238 ¨ hex:a8
c48b5514ed57f406 ť hex:9d
fa53ea39107c5a18 ă hex:e3
1bae07902550b288 ŕ hex:e0
c2d690aa41cc1533 — hex:97
438b8ac8e2da0221 Ť hex:8d
44595b264834253b ˝ hex:bd

LM: loweralpha-pl == alpha-pl
ą=B9 / Ą=A5 / LM ¤=a4
ć=E6 / Ć=C6 / LM Ź=8f
ę=EA / Ę=CA / LM ¨=a8
ł=B3 / Ł=A3 / LM ť=9d
ń=F1 / Ń=D1 / LM ă=e3
ó=F3 / Ó=D3 / LM ŕ=e0
ś=9C / Ś=8C / LM —=97
ź=9F / Ź=8F / LM Ť=8d
ż=BF / Ż=AF / LM ˝=bd

rcrack "c:\Program Files\Cain\Winrtgen\lm\*.rt" -l lm >dump
traversing rt group #0 for 8 hashes (remain = 0, traversed = 0, skipped = 0)
disk: c:\Program Files\Cain\Winrtgen\lm\lm_alpha-pl#1-5_0_1000x40000_oxid#000.rt: 640000 bytes read
disk: c:\Program Files\Cain\Winrtgen\lm\lm_alpha-pl#1-5_1_1000x40000_oxid#000.rt: 640000 bytes read
disk: c:\Program Files\Cain\Winrtgen\lm\lm_alpha-pl#1-5_2_1000x40000_oxid#000.rt: 640000 bytes read
disk: c:\Program Files\Cain\Winrtgen\lm\lm_alpha-pl#1-5_3_1000x40000_oxid#000.rt: 640000 bytes read
disk: c:\Program Files\Cain\Winrtgen\lm\lm_alpha-pl#1-5_4_1000x40000_oxid#000.rt: 640000 bytes read
disk: finished reading all files
searching for 8 hashes...
plaintext of baeb34edcdc37dbc is G¤BKA
plaintext of a2f15b1acd9c0f80 is DŤWIG
plaintext of cdfbc8f10daf01db is ˝YŹ
plaintext of 597ab4b0a62699f6 is —LIWA
plaintext of 142a282081c47bd1 is M¨KA
traversing rt group #1 for 3 hashes (remain = 0, traversed = 0, skipped = 0)
searching for 3 hashes...
plaintext of 48f4f6b82224b3ed is MIŕD
plaintext of 4cf3f8954c3c1c0a is ťŕ˝KO
traversing rt group #2 for 1 hash (remain = 0, traversed = 0, skipped = 0)
searching for 1 hash...
traversing rt group #3 for 1 hash (remain = 0, traversed = 0, skipped = 0)
searching for 1 hash...
plaintext of 0e2a1b7848b39061 is DZIEă

statistics
-------------------------------------------------------
plaintext found: 8 of 8
total time: 13.63 s
time of chain traverse: 12.48 s
time of alarm check: 0.80 s
time of wait: 0.00 s
time of other operation: 0.34 s
time of disk read: 0.01 s
hash & reduce calculation of chain traverse: 6480513
hash & reduce calculation of alarm check: 1015925
number of alarm: 3563
speed of chain traverse: 0.52 million/s
speed of alarm check: 1.27 million/s

result
-------------------------------------------------------
0e2a1b7848b39061 DZIEă hex:445a4945e3
a2f15b1acd9c0f80 DŤWIG hex:448d574947
baeb34edcdc37dbc G¤BKA hex:47a4424b41
4cf3f8954c3c1c0a ťŕ˝KO hex:9de0bd4b4f
142a282081c47bd1 M¨KA hex:4da84b41
48f4f6b82224b3ed MIŕD hex:4d49e044
597ab4b0a62699f6 —LIWA hex:974c495741
cdfbc8f10daf01db ˝YŹ hex:bd598f

console: Polish chars - OK
All LM Hashes cracked !
Polish charset to LM: lm-alpha-pl = [ABCDEFGHIJKLMNOPQRSTUVWXYZ¤Ź¨ťăŕ—Ť˝]
| Attachments: |
charset.txt [131 Bytes]
Downloaded 12 times
|
Last edited by GLOBUS on 04 Oct 2009, 18:10, edited 1 time in total.
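Added example, not part of GLOBUS's post or of rcrack: using Python's standard cp852 and cp1250 codecs, it shows that the hex bytes in the result above are the cp852 (OEM) bytes of the uppercased Polish letters, and that the odd glyphs are those same bytes displayed through cp1250. `coverage` extends the check to the Romanian letters from the numeric-ro-space charset across the OEM code pages named in the thread; all function names are this example's own.

```python
# Added example: standard-library codecs only; inputs are the letters quoted in the thread.
POLISH = "\u0105\u0107\u0119\u0142\u0144\u00f3\u015b\u017a\u017c"  # ą ć ę ł ń ó ś ź ż
ROMANIAN = "\u0102\u00c2\u00ce\u015e\u0162"   # Ă Â Î Ş Ţ (cedilla forms, as in numeric-ro-space)
OEM_CANDIDATES = ("cp437", "cp850", "cp852")  # OEM code pages named in the thread


def oem_byte(ch, codepage):
    """Byte that `ch` occupies in `codepage` after uppercasing (LM uppercases
    before hashing), or None when the code page has no slot for it."""
    try:
        raw = ch.upper().encode(codepage)
    except UnicodeEncodeError:
        return None
    return raw[0] if len(raw) == 1 else None


def polish_rows(oem="cp852", ansi="cp1250"):
    """One row per letter: (letter, ANSI byte of lowercase, ANSI byte of
    uppercase, OEM byte of uppercase, that OEM byte displayed via the ANSI page)."""
    rows = []
    for ch in POLISH:
        b = oem_byte(ch, oem)
        rows.append((ch, ch.encode(ansi)[0], ch.upper().encode(ansi)[0],
                     b, bytes([b]).decode(ansi)))
    return rows


def coverage(chars, codepages=OEM_CANDIDATES):
    """code page -> {char: byte or None}: which page can hold the whole set."""
    return {cp: {c: oem_byte(c, cp) for c in chars} for cp in codepages}


if __name__ == "__main__":
    # Same layout as the "LM: loweralpha-pl == alpha-pl" list in the post.
    for ch, lo, up, oem, shown in polish_rows():
        print(f"{ch}={lo:02X} / {ch.upper()}={up:02X} / LM {shown}={oem:02x}")
    # "--" marks a letter the code page cannot represent.
    for cp, table in coverage(ROMANIAN).items():
        cells = " ".join(f"{c}={'--' if b is None else format(b, '02x')}"
                         for c, b in table.items())
        print(f"{cp}: {cells}")
```

Run as a script, it prints the same mapping lines as the post, followed by one line per candidate OEM code page for the Romanian letters.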
|
|
|
|
 |
|
_haxxor_
|
Post subject: Re: LM hashes and accents Posted: 04 Oct 2009, 17:58 |
Joined: 02 Apr 2008, 15:10 Posts: 833 Location: Romania
|
quel wrote:
neinbrucke wrote: i'm guessing these are already covered in the LM tables... or do you have a strange oem codepage in romania?
For Romanian these are not within lm_lm-frt-cp437-850:
char  cp1250  unicode  unicode name
Ă     0xC3    0x0102   #LATIN CAPITAL LETTER A WITH BREVE
Â     0xC2    0x00C2   #LATIN CAPITAL LETTER A WITH CIRCUMFLEX
Î     0xCE    0x00CE   #LATIN CAPITAL LETTER I WITH CIRCUMFLEX
Ş     0xAA    0x015E   #LATIN CAPITAL LETTER S WITH CEDILLA
ş     0xBA    0x015F   #LATIN SMALL LETTER S WITH CEDILLA
ţ     0xFE    0x0163   #LATIN SMALL LETTER T WITH CEDILLA

it seems they aren't. i hoped to give you guys all the "special chars" in all the european languages, (latin alphabet) and then to decide how to add them to the charset.txt in order to generate all kinds of tables, for foreign languages. thx quel for the charset.txt ! i'll try to generate lm tables & crack some hashes. i'll come back with a report
|
|
|
|
 |
|
_haxxor_
|
Post subject: Re: LM hashes and accents Posted: 04 Oct 2009, 18:03 |
Joined: 02 Apr 2008, 15:10 Posts: 833 Location: Romania
|
pointp wrote:
Quote: French - ŒœÆæÀàÂâÇçÉéÈèÊêËëÎîÏïÔôÛûÙùÜüŸÿ
Just something i wanna add : we (french ppl) never use Ÿÿ.

wikipedia said that, i argued with my mother on that, so i wasn't sure. btw
Romanian - ĂăÂâÎŢţ
Albanian - ÇçËë
Azerbaijani - ÄäÇçƏəĞğIıİiÖöŞşÜü
Basque - Ññ
Belarusian - ĆćČčŃńŚśŠšŬŭŹźŽž
Bosnian - ĆćČčĐđŠšŽž
Catalan - Çç
Croatian - ČčĆćĐđŠšŽž
Czech - ÁáČčĎďÉéĚěÍíŇňÓóŘřŠšŤťÚúŮůÝýŽž
Hungarian - ÁáÉéÍíÓóÖöŐőÚúÜüŰű
Polish - ĄąĆćĘęŁłŃńÓóŚśŹźŻż
Serbian - ČčĆćĐđŠšŽž
Turkish - ÇçĞğIıİiÖöŞşÜü
Danish - ÆæØøÅå
German - ÄäÖöÜüß
Estonian - ŠšŽžÕõÄäÖöÜü
Finnish - ÅåÄäÖö
French - ŒœÆæÀàÂâÇçÉéÈèÊêËëÎîÏïÔôÛûÙùÜüŸÿ
Gagauz - ÄäÇçÊêIıİiÖŞŢÜ
Icelandic - ÁÐÉÍÓÚÝÞÆÖáðéíóúýþæö
Italian - ÀàÁáÉéÈèÌìÎîÒòÙù
i need to triple check these [and more], so don't take them for granted !
|
|
|
|
 |
|
quel
|
Post subject: Re: LM hashes and accents Posted: 04 Oct 2009, 18:31 |
Joined: 15 Jul 2009, 22:38 Posts: 363
|
_haxxor_ wrote:
quel wrote:
neinbrucke wrote: i'm guessing these are already covered in the LM tables... or do you have a strange oem codepage in romania?
For Romanian these are not within lm_lm-frt-cp437-850:
char  cp1250  unicode  unicode name
Ă     0xC3    0x0102   #LATIN CAPITAL LETTER A WITH BREVE
Â     0xC2    0x00C2   #LATIN CAPITAL LETTER A WITH CIRCUMFLEX
Î     0xCE    0x00CE   #LATIN CAPITAL LETTER I WITH CIRCUMFLEX
Ş     0xAA    0x015E   #LATIN CAPITAL LETTER S WITH CEDILLA
ş     0xBA    0x015F   #LATIN SMALL LETTER S WITH CEDILLA
ţ     0xFE    0x0163   #LATIN SMALL LETTER T WITH CEDILLA
it seems they aren't. i hoped to give you guys all the "special chars" in all the european languages, (latin alphabet) and then to decide how to add them to the charset.txt in order to generate all kinds of tables, for foreign languages. thx quel for the charset.txt ! i'll try to generate lm tables & crack some hashes. i'll come back with a report :)

Well, neinbrucke tells me that the windows code page won't be the right one. So I will have to look at the other cp pages and see what we find. I think cp852 might be the correct one but I am not sure. I'm going to do some more comparison of the code pages and see what overlaps and what doesn't.
|
|
|
|
 |
|
quel
|
Post subject: Re: LM hashes and accents Posted: 04 Oct 2009, 18:32 |
Joined: 15 Jul 2009, 22:38 Posts: 363
|
pointp wrote:
Quote: French - ŒœÆæÀàÂâÇçÉéÈèÊêËëÎîÏïÔôÛûÙùÜüŸÿ
Just something i wanna add : we (french ppl) never use Ÿÿ.

Thanks! One of the biggest problems is that we really need data from people who have computers set up in the various locales. It seems that a lot of the data available is mostly just listings of the code pages and doesn't have any reality checks as to if they are even used.
|
|
|
|
 |
|
_haxxor_
|
Post subject: Re: LM hashes and accents Posted: 04 Oct 2009, 19:32 |
Joined: 02 Apr 2008, 15:10 Posts: 833 Location: Romania
|
1:"":"":7584248B8D2C9F9EAAD3B435B51404EE:9CAEA49F4571A2131BB7B7963AECB4BC
2:"":"":7584248B8D2C9F9EAAD3B435B51404EE:9E75F79BC73A0BF3A516AFCD46493C08
3:"":"":F7E62F36F8DB5AE6AAD3B435B51404EE:311E444E5B934807E151410802B0579E
4:"":"":F7E62F36F8DB5AE6AAD3B435B51404EE:54595FAA4B8E83B29EC23F20EC624E1D
5:"":"":7584248B8D2C9F9EAAD3B435B51404EE:305783B3AD65A195AD4AC907717C3419
6:"":"":7584248B8D2C9F9EAAD3B435B51404EE:E2DA4DFEF0CCBA1AF829C3CFD56E856C
7:"":"":93E28745B8BF4BA6AAD3B435B51404EE:92269D05D0C21D23F610F336F5E6AD92
8:"":"":93E28745B8BF4BA6AAD3B435B51404EE:CD813BBF798343A6C34C39042A8A4D32
9:"":"":417EAF50CFAC29C3AAD3B435B51404EE:44F131BE23A649A8652F92F8DB233C42
10:"":"":417EAF50CFAC29C3AAD3B435B51404EE:A8C748E7443D7795A62BFACEA88E52E5
//dumped with cain
1-ă 2-Ă 3-î 4-Î 5-â 6-Â 7-Ş 8-ş 9-Ţ 10-ţ

7584248B8D2C9F9EAAD3B435B51404EE:A
F7E62F36F8DB5AE6AAD3B435B51404EE:I
93E28745B8BF4BA6AAD3B435B51404EE:S
417EAF50CFAC29C3AAD3B435B51404EE:T

so :
Ă,ă,Â,â - A
Î,î - I
Ş,ş - S
Ţ,ţ - T

Windows XP Professional SP3 version 2002 (does it matter that this version of windows, isn't bought in Romania ?)
|
|
|
|
 |
|
quel
|
Post subject: Re: LM hashes and accents Posted: 04 Oct 2009, 20:52 |
Joined: 15 Jul 2009, 22:38 Posts: 363
|
_haxxor_ wrote:
1:"":"":7584248B8D2C9F9EAAD3B435B51404EE:9CAEA49F4571A2131BB7B7963AECB4BC
2:"":"":7584248B8D2C9F9EAAD3B435B51404EE:9E75F79BC73A0BF3A516AFCD46493C08
3:"":"":F7E62F36F8DB5AE6AAD3B435B51404EE:311E444E5B934807E151410802B0579E
4:"":"":F7E62F36F8DB5AE6AAD3B435B51404EE:54595FAA4B8E83B29EC23F20EC624E1D
5:"":"":7584248B8D2C9F9EAAD3B435B51404EE:305783B3AD65A195AD4AC907717C3419
6:"":"":7584248B8D2C9F9EAAD3B435B51404EE:E2DA4DFEF0CCBA1AF829C3CFD56E856C
7:"":"":93E28745B8BF4BA6AAD3B435B51404EE:92269D05D0C21D23F610F336F5E6AD92
8:"":"":93E28745B8BF4BA6AAD3B435B51404EE:CD813BBF798343A6C34C39042A8A4D32
9:"":"":417EAF50CFAC29C3AAD3B435B51404EE:44F131BE23A649A8652F92F8DB233C42
10:"":"":417EAF50CFAC29C3AAD3B435B51404EE:A8C748E7443D7795A62BFACEA88E52E5
//dumped with cain
1-ă 2-Ă 3-î 4-Î 5-â 6-Â 7-Ş 8-ş 9-Ţ 10-ţ
7584248B8D2C9F9EAAD3B435B51404EE:A
F7E62F36F8DB5AE6AAD3B435B51404EE:I
93E28745B8BF4BA6AAD3B435B51404EE:S
417EAF50CFAC29C3AAD3B435B51404EE:T
so :
Ă,ă,Â,â - A
Î,î - I
Ş,ş - S
Ţ,ţ - T
Windows XP Professional SP3 version 2002 (does it matter that this version of windows, isn't bought in Romania ?)

Can you attach a non-unicode text file with the characters? I tried running the chars through all the encodings that iconv can handle and I didn't get a LM hash that matched yours. The hashes let me double check if I have the right encoding but having a starting point is nice.
|
|
|
|
 |
|