nerdexam
GIAC

GCIH · Question #670

A security auditor is using John the Ripper to review password strength on Windows machines. The auditor knows that the company requires a 15-character minimum in their passwords. In this scenario, wh

The correct answer is C. --format=NT. Windows does not generate LANMAN (LM) hashes for passwords of 15 or more characters, so only the NT hash format is present to crack.

Vulnerability Exploitation & Privilege Escalation

Question

A security auditor is using John the Ripper to review password strength on Windows machines. The auditor knows that the company requires a 15-character minimum in their passwords. In this scenario, what format parameter must be passed to John (with Jumbo Patch) to crack the passwords?

Options

  • A--format=LANMAN
  • B--format=UNIX
  • C--format=NT
  • D--format=SHA256

How the community answered

(54 responses)
  • A
    6% (3)
  • B
    2% (1)
  • C
    83% (45)
  • D
    9% (5)

Why each option

Windows does not generate LANMAN (LM) hashes for passwords of 15 or more characters, so only the NT hash format is present to crack.

A--format=LANMAN

LANMAN hashes are not stored by Windows for passwords of 15 or more characters, so there is no LM hash present to crack with --format=LANMAN.

B--format=UNIX

--format=UNIX targets Unix-style crypt(3) password hashes, which are not used for Windows local or domain account password storage.

C--format=NTCorrect

Windows automatically disables LM hash generation for any password that is 15 characters or longer, storing only the NT (NTLM) hash derived via MD4. Because the company enforces a 15-character minimum, no LM hash will exist in the SAM database for any compliant account, making --format=NT the correct and only viable format parameter for John the Ripper to target these credentials.

D--format=SHA256

--format=SHA256 would target SHA-256 hashes, which Windows does not use for local account password storage in the SAM database.

Concept tested: Windows NT vs LANMAN hash generation for 15-character passwords

Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/prevent-windows-store-lm-hash-password

Topics

#John the Ripper#LANMAN hash#NT hash#password length policy

Community Discussion

No community discussion yet for this question.

Full GCIH Practice