Tweet
Something has come up w/several different people so we thought we would
just clarify:
We want *complete passwords*. Which means, when cracking an LanMan hash
and it's broken into two chunks, we don't want the chunks independent of
one another; we want the actual, usable resulting password.
So if you crack 'PASSWORD', we don't want two lines in the submission,
one for 'PASSWOR' and one for 'D'. To put it in terms of JtR, we want
to see passwords extracted from john -show output, not from your
john.pot file.
Similarly if you have cracked only the second half, don't send us
'???????D'. If you couldn't sit down on the network and log in with it,
it's not been cracked yet.
just clarify:
We want *complete passwords*. Which means, when cracking an LanMan hash
and it's broken into two chunks, we don't want the chunks independent of
one another; we want the actual, usable resulting password.
So if you crack 'PASSWORD', we don't want two lines in the submission,
one for 'PASSWOR' and one for 'D'. To put it in terms of JtR, we want
to see passwords extracted from john -show output, not from your
john.pot file.
Similarly if you have cracked only the second half, don't send us
'???????D'. If you couldn't sit down on the network and log in with it,
it's not been cracked yet.