hashcat Forum

Full Version: Should I use deskey_to_ntlm on crack.sh result?
Hello all,

So I've got NetNTLMv1 credentials and used crack.sh to crack them because it would take TOO much time if I try to do it with my rig..

However, I'm a bit confused and want to confirm that my understanding is correct.. The end result of crack.sh (what they call the key) is the actual NTLM hash right? If I have that hash, is it possible to confirm it using hashcat?

I think that it is the NTLM hash but just need a confirmation before I start trying to crack it.. The reason why I think that it is the NTLM hash is because the last four chars are identical to the PT3 segment I received from chapcrack..


P.S. Why did I get confused in the first place? Because online cracking tools told me that the hash I have is of 'unknown' type, and because the hash-identifier tool on The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) puts NTLM as one of the least possible candidates for that hash.
https://hashcat.net/wiki/doku.php?id=example_hashes
Or just test an attack on the hash using -m 5500 and see if it works.
(12-03-2019, 03:43 PM) slyexe Wrote: https://hashcat.net/wiki/doku.php?id=example_hashes
Or just test an attack on the hash using -m 5500 and see if it works.

The hash is 32 characters and thus is not a -m 5500 hash.. I'll explain the steps I took using hashes from the example_hashes page to stick to the rules..

First, I got a challenge/response via a WPA2 Enterprise attack method..

Then, I submitted the hash to the crack.sh page and they replied (success) with what they called a "key".. The key is 32 chars long and ends with the four characters (e.g. 5a5a).. Those four characters were familiar to me because I saw them as PT3 when I used chapcrack..

Question 1: is key == final NTLM hash to be used for PTH?

Hope this clarifies it because it's already clear to me that crack.sh "key" is not a NetNTLMv1 hash but it is not clear to me whether or not further steps should be taken to make this key usable. By further steps I mean something like this: https://github.com/hashcat/hashcat-utils...to_ntlm.pl
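
As an added example (not part of the thread and not the hashcat-utils script): in NetNTLMv1 the 16-byte NT hash is zero-padded to 21 bytes and cut into three 7-byte chunks, each expanded into an 8-byte DES key, so the third key carries only the last two bytes (four hex characters) of the hash. The sketch below shows that mapping and its inverse, which is the conversion that applies to raw 8-byte DES keys rather than to a 32-character hash; the function names and the hash value are constructed for illustration.

```python
# Added example (not hashcat-utils code). The NT hash below is constructed.
NT_HASH_HEX = "00112233445566778899aabbccdd5a5a"

def expand_des_key(chunk7: bytes) -> bytes:
    """56 key bits -> 8-byte DES key: 7 bits per byte plus an odd-parity bit."""
    if len(chunk7) != 7:
        raise ValueError("expected 7 bytes of key material")
    bits = int.from_bytes(chunk7, "big")
    key = bytearray()
    for i in range(8):
        byte = ((bits >> (49 - 7 * i)) & 0x7F) << 1
        if bin(byte).count("1") % 2 == 0:   # set low bit so the byte has odd parity
            byte |= 1
        key.append(byte)
    return bytes(key)

def collapse_des_key(key8: bytes) -> bytes:
    """Inverse of expand_des_key: drop each parity bit, repack into 7 bytes."""
    if len(key8) != 8:
        raise ValueError("expected an 8-byte DES key")
    bits = 0
    for byte in key8:
        bits = (bits << 7) | (byte >> 1)
    return bits.to_bytes(7, "big")

def nt_hash_to_des_keys(nt_hash_hex: str) -> list:
    """Split a 16-byte NT hash into the three DES keys NetNTLMv1 uses."""
    nt = bytes.fromhex(nt_hash_hex)
    if len(nt) != 16:
        raise ValueError("an NT hash is 16 bytes (32 hex characters)")
    padded = nt + b"\x00" * 5               # 21 bytes = 3 x 7
    return [expand_des_key(padded[i:i + 7]) for i in (0, 7, 14)]

def des_keys_to_nt_hash(keys) -> str:
    """Rebuild the NT hash from three 8-byte DES keys."""
    raw = b"".join(collapse_des_key(k) for k in keys)
    if len(raw) != 21 or raw[16:] != b"\x00" * 5:
        raise ValueError("third key must carry only 2 bytes of hash material")
    return raw[:16].hex()

if __name__ == "__main__":
    keys = nt_hash_to_des_keys(NT_HASH_HEX)
    for n, k in enumerate(keys, 1):
        print(f"DES key {n}: {k.hex()}")
    print("third key material:", collapse_des_key(keys[2])[:2].hex())
    print("round trip:", des_keys_to_nt_hash(keys))
```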