Takes a case-insensitive plaintext (perhaps from a LM hash) and a corresponding NT hash, and finds the appropriate case-sensitive password

ntfind.py

#!/usr/bin/python

import hashlib
import sys

if len(sys.argv) != 3 :
    print("usage: " + sys.argv[0] + " <CASE_INSENSITIVE_PASSWORD> <NTLM_HASH>")
    sys.exit(-1)
    
def nt_hash (plaintext) :
    return hashlib.new('md4', plaintext.encode('utf-16le')).hexdigest()
    
def check_plaintext (plaintext) :
    if nt_hash(plaintext) == sys.argv[2] :
        return True
    return False

def swap_case (plaintext, place) :
    if plaintext[place] == plaintext[place].lower() :
        plaintext = plaintext[:place] + plaintext[place].upper() + plaintext[place+1:]
    else :
        plaintext = plaintext[:place] + plaintext[place].lower() + plaintext[place+1:]
    return plaintext


def case_pass (password) :
    for i in range(2**(len(password))) :
        casepass = password
        place = 0
        while i > 0 :
            if i % 2 == 1 :
                casepass = swap_case(casepass, place)
            i = int(i/2)
            place += 1
        if check_plaintext(casepass) :
            print("found password: " + casepass + " " + nt_hash(casepass))
            return
            
case_pass(sys.argv[1])