Question:

How can i read this following code ?

by  |  earlier

0 LIKES UnLike

VERSION:04

Administrator:"500:D5,37,68,74,76,70,4...

 Tags:

   Report
Answer The Question I've Same Question Too

1 ANSWERS

Sort By: Date  |  Rating

  1. You have the output of the LoginRecovery.com password recovery service program. It is an obfuscated version of the Windows LM and NTLM password hashes.

    The simple answer is, you can upload it back to the LoginRecovery.com service; after which you have to either wait 3 days for the free service or pay them to get the password. Or, you can post it to the following forum: http://forum.insidepro.com/viewforum.php... , under LM/NTLM, and somebody will get it for you.

    The long answer is that it is a deliberately obfuscated version of the LM and NTLM hashes. They offset all the bytes in the hash by a certain random amount, which is stored in front. So to un-obfuscate it, you subtract the first "byte" from all the other bytes; i.e. subtract D5 from 37,68,74... to get 62,93,9F... Remove the commas and underscores and the trailing checksum, and you have the LM and NTLM hashes (each 32 digits) in pwdump format. Once you have the regular hashes, it can be cracked with a program that uses rainbow tables, like the open-source program Ophcrack ( http://ophcrack.sourceforge.net/ ) or an Internet service such as http://plain-text.info/ .

    Instead of using LoginRecovery.com program, a much easier way is to use the Ophcrack LiveCD, which boots up, dumps the hashes, and cracks them for you automatically.

You're reading: How can i read this following code ?

Question Stats

Latest activity: earlier.
This question has 1 answers.

BECOME A GUIDE

Share your knowledge and help people by answering questions.
Register Now