10-22-2011, 09:12 AM
I have a very odd situation where I've been able to crack a certain NTLM hash with brute-force (-lite) because I got the 8th & 9th chars from the LM hash using john.
I've been trying for 2 days to crack the same hash using oclHashcat & oclHashcat-plus using dictionaries with rules, and bf lower-alpha with rules, but no luck.
I was going crazy trying to figure it out, so finally I put just the word the plain is based on in a dictionary and wrote the exact rule that would translate the word into the plain, ran oclHashcat-plus32 (thought maybe it was a 64bit problem) and it didn't find the plain. At this point I put the exact plain in the dictionary too, ran it again, STILL didn't crack it.
The plain starts with '@', is there possibly a bug with the dictionary and/or rules code that doesn't handle plains starting with '@' right for NTLM?
I've been trying for 2 days to crack the same hash using oclHashcat & oclHashcat-plus using dictionaries with rules, and bf lower-alpha with rules, but no luck.
I was going crazy trying to figure it out, so finally I put just the word the plain is based on in a dictionary and wrote the exact rule that would translate the word into the plain, ran oclHashcat-plus32 (thought maybe it was a 64bit problem) and it didn't find the plain. At this point I put the exact plain in the dictionary too, ran it again, STILL didn't crack it.
The plain starts with '@', is there possibly a bug with the dictionary and/or rules code that doesn't handle plains starting with '@' right for NTLM?