Re: [Samba] check accounts for known bad passwords
- Date: Thu, 20 Jul 2017 23:18:04 +0200
- From: mj via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] check accounts for known bad passwords
You have helped me a lot lately, it is MUCH appreciated!
I would, if I were you, use:
To get the hashes in the form you want for this, try:
That dumps an smbpasswd file format file (be very careful with this, it
contains your krbtgt key, admin password and everything else!)
Note this in the FAQ:
A: With PWDUMP-format files, John focuses on LM rather than NTLM hashes
by default, and it might not load any hashes at all if there are no LM
hashes to crack. To have JtR Pro or a -jumbo version focus on NTLM
hashes instead, you need to pass the "--format=nt" option.
I guess you would run it:
john --wordlist=/usr/share/john/password.lst /root/smbpasswd
You will need that jumbo version, the NTLM hash isn't in the one
packaged on Fedora, so this is where I stopped.
I hope this helps you keep in front of the bad guys!
To unsubscribe from this list go to the following URL and read the