hashcat Forum

Full Version: NOOB question regarding NTLM Hashes
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I am working with an NTLM hash that was extracted using Quarks PW dump from a domain controller. This is a case where someone locked the keys in the car and now we need to get in. By using a combination of the registry keys and the AD database, I was able to extract the hashes and put them in a text format. I was hoping to use hashcat to crack them, but I keep getting a line exception error when running against the hash.

Below is an example of the command running:
oclHashcat-plus64.exe --hash-type 1000 --attack-mode 3 user:0000:#D##########D####D#DD#D####DDD##:##D##D#DDD###D##D#D###D##D#DD##D:

I am using the hashcat gui for simplicity on a Windows system.

When running the program I am getting a line length exception on every line, when attempting to pull from the text file that was created.

Assistance would be appreciated.
pwdump format is not supported, you need to specify just the nthash
Quote:user:0000:#D##########D####D#DD#D####DDD##:##D##D#DDD###D##D#D###D##D#DD##D:
This is the only part that you need:
user:0000:#D##########D####D#DD#D####DDD##:##D##D#DDD###D##D#D###D##D#DD##D: