nerdexam
ExamsGCIHQuestions#670
GIAC

GCIH · Question #670

GCIH Question #670: Real Exam Question with Answer & Explanation

The correct answer is C: --format=NT. Windows does not generate LANMAN (LM) hashes for passwords of 15 or more characters, so only the NT hash format is present to crack.

Question

A security auditor is using John the Ripper to review password strength on Windows machines. The auditor knows that the company requires a 15-character minimum in their passwords. In this scenario, what format parameter must be passed to John (with Jumbo Patch) to crack the passwords?

Options

  • A--format=LANMAN
  • B--format=UNIX
  • C--format=NT
  • D--format=SHA256

Explanation

Windows does not generate LANMAN (LM) hashes for passwords of 15 or more characters, so only the NT hash format is present to crack.

Common mistakes.

  • A. LANMAN hashes are not stored by Windows for passwords of 15 or more characters, so there is no LM hash present to crack with --format=LANMAN.
  • B. --format=UNIX targets Unix-style crypt(3) password hashes, which are not used for Windows local or domain account password storage.
  • D. --format=SHA256 would target SHA-256 hashes, which Windows does not use for local account password storage in the SAM database.

Concept tested. Windows NT vs LANMAN hash generation for 15-character passwords

Reference. https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/prevent-windows-store-lm-hash-password

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GCIH Practice