06-02-2015, 09:50 PM
I seem to be having an issue with cracking some of my NTLM hashes.
Currently I have dumped a 2008R2 SAM using VSS in combination with QwarksPWDump util to get it into a txt file.
They appear like this example:
I have removed:
Leaving me with what I think is the NTLM:
I use the following command:
I am unable to crack any of the passwords even though I have set my own password in AD manually and placed it in the wordlist.txt I did add in the example hashcat NTLM and it was able to retrieve it fine. I dont get any errors either about line length.
My impression is that the export is suspect. Any ideas?
Currently I have dumped a 2008R2 SAM using VSS in combination with QwarksPWDump util to get it into a txt file.
They appear like this example:
PHP Code:
user:4265:AA############################EE:18####################F1D2A5CB06:::
I have removed:
PHP Code:
user:salt_idk?:AA############################EE:
Leaving me with what I think is the NTLM:
PHP Code:
18####################F1D2A5CB06
I use the following command:
Code:
cudaHashcat64.exe -m 1000 -o recovered.txt hashes.txt wordlist.txtI am unable to crack any of the passwords even though I have set my own password in AD manually and placed it in the wordlist.txt I did add in the example hashcat NTLM and it was able to retrieve it fine. I dont get any errors either about line length.
My impression is that the export is suspect. Any ideas?