Opening password file with John The Ripper
I have an old Windows domain SMB sniffer file circa 1998 and just out of interest I want to see if I can crack it now with John The Ripper. I believe the file was generated using the L0phtCrack SMB Packet Capture feature. The format of the file is a list of entries such as:
CADE\idk:3:4c34936620f47214:f08a4ae250ce716af0858f169ff224a10a9a3e012ad9341f:112fcb8224016bc51c65d2cf9c9d4d5084bb8f8416a94adb
The format appears to be:
DOMAIN\username:3:SMB challenge:encrypted LANMAN hash:encrypted NTLM hash
Not sure what the first 3 bytes are but it is the same for all entries. This probably uses some defunct Windows NT authentication method with the 8-byte challenge and 24-byte responses.
I cannot open the file as is natively with John. So I would like to know if I can either specify some options or reformat the file so that I can open it in John The Ripper.
