01-20-2017, 12:32 AM
Hi Guys,
Just a quick one, I can't seem to work it out.
I capture the NTLM hash fine, but when I go to process it in Hashcat, with the known account credentials in the password file, or a weak password that I know and brute force it, I never get the calculated plaintext.
The hash is seen as correct, and viable within Hashcat, but it's not valid.
This is the example NTLMV2 from Hashcat, which works fine:
admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030 (Processes to "hashcat")
This is my capture with some details adjusted so that it remains private:
REDACTED$::REDACTED:1122334455667788:REDACTEDFB7CBC971F7DEE1FREDACTED:0101000$
So why is this happening? The only thing I could think is that it's on a domain, it's a lot shorter, and the server challenge is spoofed, but Hashcat starts calculating it. (I've been given permission to do this, so don't worry)
Thanks in advance.
Just a quick one, I can't seem to work it out.
I capture the NTLM hash fine, but when I go to process it in Hashcat, with the known account credentials in the password file, or a weak password that I know and brute force it, I never get the calculated plaintext.
The hash is seen as correct, and viable within Hashcat, but it's not valid.
This is the example NTLMV2 from Hashcat, which works fine:
admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030 (Processes to "hashcat")
This is my capture with some details adjusted so that it remains private:
REDACTED$::REDACTED:1122334455667788:REDACTEDFB7CBC971F7DEE1FREDACTED:0101000$
So why is this happening? The only thing I could think is that it's on a domain, it's a lot shorter, and the server challenge is spoofed, but Hashcat starts calculating it. (I've been given permission to do this, so don't worry)
Thanks in advance.