Posts: 23
Threads: 7
Joined: Oct 2012
(08-30-2013, 03:12 AM)magnum Wrote: (08-30-2013, 02:59 AM)PnkPanther Wrote: (08-30-2013, 01:28 AM)magnum Wrote: It's not a bad hash. The problem is that the salt (username + domainname) is longer than the (optimized) max of 27 characters. JtR can crack it using the CPU format but not the GPU one.
Are you sure? I've tried john --format=netntlmv2 /root/Desktop/hash with the following and get "No password hashes loaded (see FAQ)".
Yeah I'm sure, it's still in my console buffer:
Code:
$ ../run/john test
ntlmv2-opencl: One or more hashes rejected due to salt length limitation.
Max supported sum of Username + Domainname lengths is 27 characters.
Try the CPU format for those.
Loaded 1 password hash (netntlmv2, NTLMv2 C/R [MD4 HMAC-MD5 32/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
Newpass8 (Administrator)
1g 0:00:00:00 DONE (2013-08-30 01:21) 5.263g/s 666310p/s 666310c/s 666310C/s Newpass8
Use the "--show" option to display all of the cracked passwords reliably
Session completed
I did remove the binary crap that epixoip mentioned. I tried pasting the correct one here but the forum re-adds the binary crap at the line wrap.
Could you explain what needs to be removed from the hash? I would really appreciate it.
Posts: 143
Threads: 9
Joined: Dec 2012
(08-30-2013, 03:47 AM)PnkPanther Wrote: Could you explain what needs to be removed from the hash? I would really appreciate it.
I removed three bytes of non-ASCII in the last field right were it was line wrapped when I copy-pasted it from the forum. But I do not think your file has it, I think the forum added it.
Posts: 23
Threads: 7
Joined: Oct 2012
When I use john on my hash it responds with no hashes loaded. If I run john on a hash from their example page it works. Do you know why? It seems that if it works for you it should work for me.
Posts: 143
Threads: 9
Joined: Dec 2012
(08-30-2013, 04:14 AM)PnkPanther Wrote: When I use john on my hash it responds with no hashes loaded. If I run john on a hash from their example page it works. Do you know why? It seems that if it works for you it should work for me.
Try re-creating a correct hash like this:
Code:
$ echo -n >testhash Administrator::WIN-HMH39596ABN:1122334455667788:80be64a4282577cf3b80503f4acb0e5a
$ echo >>testhash :0101000000000000f077830c70a4ce0114ddd5c22457143000000000020000000000000000000000
$ cat testhash
Administrator::WIN-HMH39596ABN:1122334455667788:80be64a4282577cf3b80503f4acb0e5a:0101000000000000f077830c70a4ce0114ddd5c22457143000000000020000000000000000000000
Be sure to use "-n >" in the first line, and ">>" in the second.
Posts: 23
Threads: 7
Joined: Oct 2012
(08-30-2013, 03:12 AM)magnum Wrote: (08-30-2013, 02:59 AM)PnkPanther Wrote: (08-30-2013, 01:28 AM)magnum Wrote: It's not a bad hash. The problem is that the salt (username + domainname) is longer than the (optimized) max of 27 characters. JtR can crack it using the CPU format but not the GPU one.
Are you sure? I've tried john --format=netntlmv2 /root/Desktop/hash with the following and get "No password hashes loaded (see FAQ)".
Yeah I'm sure, it's still in my console buffer:
Code:
$ ../run/john test
ntlmv2-opencl: One or more hashes rejected due to salt length limitation.
Max supported sum of Username + Domainname lengths is 27 characters.
Try the CPU format for those.
Loaded 1 password hash (netntlmv2, NTLMv2 C/R [MD4 HMAC-MD5 32/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
Newpass8 (Administrator)
1g 0:00:00:00 DONE (2013-08-30 01:21) 5.263g/s 666310p/s 666310c/s 666310C/s Newpass8
Use the "--show" option to display all of the cracked passwords reliably
Session completed
I did remove the binary crap that epixoip mentioned. I tried pasting the correct one here but the forum re-adds the binary crap at the line wrap.
Wow, thanks magnum! Now I understand what you meant about the control characters. I should really use a better text editor.
Posts: 1
Threads: 0
Joined: Sep 2015
09-15-2015, 07:28 AM
(This post was last modified: 09-15-2015, 08:11 AM by epixoip.)
(09-01-2013, 02:15 AM)PnkPanther Wrote: (08-30-2013, 03:12 AM)magnum Wrote: (08-30-2013, 02:59 AM)PnkPanther Wrote: (08-30-2013, 01:28 AM)magnum Wrote: It's not a bad hash. The problem is that the salt (username + domainname) is longer than the (optimized) max of 27 characters. JtR can crack it using the CPU format but not the GPU one.
Are you sure? I've tried john --format=netntlmv2 /root/Desktop/hash with the following and get "No password hashes loaded (see FAQ)".
Yeah I'm sure, it's still in my console buffer:
Code:
$ ../run/john test
ntlmv2-opencl: One or more hashes rejected due to salt length limitation.
Max supported sum of Username + Domainname lengths is 27 characters.
Try the CPU format for those.
Loaded 1 password hash (netntlmv2, NTLMv2 C/R [MD4 HMAC-MD5 32/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
Newpass8 (Administrator)
1g 0:00:00:00 DONE (2013-08-30 01:21) 5.263g/s 666310p/s 666310c/s 666310C/s Newpass8
Use the "--show" option to display all of the cracked passwords reliably
Session completed
I did remove the binary crap that epixoip mentioned. I tried pasting the correct one here but the forum re-adds the binary crap at the line wrap.
Wow, thanks magnum! Now I understand what you meant about the control characters. I should really use a better text editor.
Hello I know this is an old thread but it's really the only one that is close to the problem I am having. I have tried using John and Hashcat. I've used netntlmv2, LM, and ntlm. Please assist!
I need to find the password to this for my master's class.
<redacted>
John keeps giving me messages saying Loaded 2 password hashes with no different salts. using LM.
Hashcat says that progress is 100% everything is done but no hashes were loaded =-/
SOS
Posts: 2,936
Threads: 12
Joined: May 2012
Your problem is you have no clue how to use your tools, and do not know how to read the forum rules.
