hashcat Forum

Full Version: Problem with DCC Hash
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi, i'm Necos and i'm new in this stuff, by the way, i'm from Argentina.

Well, my problem is with the format of the Domain Cached Credential hash, i used the 'creddump7' to extract the hash of the account, and this is what i got: jhon.may:d2578hcf7990099a1e1c523041c6687e:ar:ar.contoso.com

Obviously, this is not the real hash, is only an example of the hash that i've got.

I'm using HashCat v0.49 and this commandline:

hashcat-cli64.exe -m 1100 -a 3 -n 2 -1=?l?u?s?d --pw-min=6 --pw-max=8 hash.txt ?u?l?l?s?d?d?d?d -o crackedhash.txt

Skipping line: jhon.may:d2578hcf7990099a1e1c523041c6687e:ar:ar.contoso.com (se
parator unmatched)
No hashes loaded

So i've tried with this hash:


1 salts contain separator-char ':'
Added hashes from file hash.txt: 1 (1 salts)
Activating quick-digest mode for single-hash with salt

NOTE: press enter for status-screen

Input.Mode: Mask (?u?l?l?s?d?d) [6]
Index.....: 0/1 (segment), 58000800 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: 6.84M plains, 6.84M words
Progress..: 58000800/58000800 (100.00%)
Running...: 00:00:00:09
Estimated.: --:--:--:--

After a while, i've nothing.

In the Examples Hashes's page shows this for the DCC hashes:

1100 Domain Cached Credentials, mscash 4dd8965d1d476fa0d026722989a6b772:3060147285011

But it's not like mine so... what i'm doing wrong?

Thanks in advance
Usually DCC uses the username as salt. In that case, you'd write:

Thanks atom, i did what you say, but not cracked the password..

Input.Mode: Mask (?u?l?l?s?d?d?d?d) [8]
Index.....: 0/1 (segment), 5800080000 (words), 0 (bytes
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: 7.33M plains, 7.33M words
Progress..: 5800080000/5800080000 (100.00%)
Running...: 00:00:13:12
Estimated.: --:--:--:--

Started: Tue Mar 03 10:42:11 2015
Stopped: Tue Mar 03 10:57:10 2015

I'm using this Mask because i know the pass
Then the hash export is propably wrong
Ok, can you recommend me a tool for extract the Hash?
No sorry, I have no experience with that. Maybe someone elsE?