As requested, I built an MS Cache brute forcer. The MS Cache hashes are a little harder to optimize. They are salted and need 2x MD4. This is how you built an MS Cache hash:
* Built NTLM hash for the password: MD4(Unicode(password))
* Append Unicode&lowercase username to the NTLM hash
* MD4 that
So in short: MD4( MD4(Unicode(password)) + Unicode(tolower(username)) )
Because of this, you need the calculate the full MD4 hash for every plaintext. Because of the unknown first 16 bytes of the input for the final MD4 (the NTLM hash), you cannot really reverse steps. I only reversed partial last steps.
I've been a little lazy, this version only supports usernames with a maximum length of 19 characters. You would need to do an additional MD4 for longer usernames.
I interlaced SSE2 three times, getting to something like 72 Mhashes/s on my system.
The download links:
You might also need to install the Microsoft Visual C++ 2008 Redistributable Package.