Posts: 1
	Threads: 1
	Joined: Feb 2014
	
	
 
	
	
		Hi, I'm kind of a noob at cryptography but I am trying to learn about cracking hashes. I've got an NTLM hash and an R9 280X, and I was wondering how practical it would be to crack that hash using that card, keeping in mind that all I know about the password is that it's supposed to be a strong one. I've tried oclHashcat with a 14 char mask with lower, upper, digit and special and the est. time is >10 years. I understand the possibilities are huge, but is there any practical way of approaching this problem?
Thanks 
	 
	
	
	
	
 
 
	
	
	
		
	Posts: 80
	Threads: 10
	Joined: Nov 2012
	
	
 
	
	
		Start small, don't go diving in trying to brute force huge keyspaces, use a few good wordlists and mangle them with some rules.
	
	
	
	
	
 
 
	
	
	
		
	Posts: 117
	Threads: 0
	Joined: Nov 2013
	
	
 
	
	
		here you go.
cracking passwords 101
Trying to brute force that amount of keyspace is insane with the hardware you have.
	
 
 
	
	
	
		
	Posts: 4
	Threads: 0
	Joined: Feb 2014
	
	
 
	
	
		May I borrow this thread a little? I have a pwd dump file from Win Server 2008 and I need the admin pwd (the one who set the pwd died, unfortunately). 
The file (say ha.hash) is in the format:
Administrator:500:NO PASSWORD*********************:[32-Char Hash]:::
How do I get oclhashcat to start cracking this password for me?
	
	
	
	
	
 
 
	
	
	
		
	Posts: 2,935
	Threads: 12
	Joined: May 2012
	
	
 
	
	
		thread hijacking is against the rules, but since you asked so politely...
your "ha.hash" file needs to just have the "[32-Char Hash]" portion of the line in it, nothing else. so just get rid of everything but the hash and it will work fine.
	
	
	
	
	
 
 
	
	
	
		
	Posts: 2,301
	Threads: 11
	Joined: Jul 2010
	
	
 
	
		
		
		02-22-2014, 11:20 AM 
(This post was last modified: 02-22-2014, 11:21 AM by undeath.)
		
	 
	
		 (02-22-2014, 01:34 AM)ToJ Wrote:  I need the admin pwd (the one who set the pwd died, unfortunately).
If you only need to access the user account you can simply reset the password. Likely much faster and guaranteed to work within this century.
	
 
	
	
	
	
 
 
	
	
	
		
	Posts: 4
	Threads: 0
	Joined: Feb 2014
	
	
 
	
		
		
		02-22-2014, 12:38 PM 
(This post was last modified: 02-22-2014, 01:29 PM by ToJ.)
		
	 
	
		Sorry for hijacking. I thought that there was already a similar thread to the need I had and didn't want to clog the forum.
My dad was a bit of a paranoid network admin and I am trying to break into his network at home. I'm trying to find all the family photos and try to take this as a reason to learn more about security (he set pwds down to disk-level in some cases). Anyways, I have found some evidence to suggest that he had one master password which he re-iterated and this hash is the best option I have to actually find the base of that pwd.
I tried this command, but it will not work (I'm on windows btw):
oclhashcat64.exe -m 5600 ha.hash -a 3
but I only get a line-length exception
Any help appreciated.
	
	
	
	
	
 
 
	
	
	
		
	Posts: 2,935
	Threads: 12
	Joined: May 2012
	
	
 
	
	
		why are you using -m 5600? 5600 is NetNTLMv2, not NTLM.
	
	
	
	
	
 
 
	
	
	
		
	Posts: 4
	Threads: 0
	Joined: Feb 2014
	
	
 
	
		
		
		02-22-2014, 01:49 PM 
(This post was last modified: 02-22-2014, 02:21 PM by ToJ.)
		
	 
	
		My understanding was that Win Serv 2k8 uses v2? 
Ok, so that was my first mistake. When I run -m 1000 the mask is set to ?1?2?2?2?2?2?2?3 and my 8-char test-pwd isn't caught. How can I make sure that ?a?a?a?a?a?a?a?a is tested? (I know, but I expect the pwd to be 8-12 chars, effectively randomized...)
	
	
	
	
	
 
 
	
	
	
		
	Posts: 2,935
	Threads: 12
	Joined: May 2012
	
	
 
	
	
		NetNTLM is different from NTLM.
Yes, -m 1000 is the correct mode.
If you want to use ?a?a?a?a?a?a?a?a as your mask, then simply specify that mask on the command line.
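
The mask sizes discussed in this thread (the 14-character all-charset mask and ?a?a?a?a?a?a?a?a), worked through as an added example that is not part of any post above: it computes the keyspace of a hashcat-style mask and the time to exhaust it, which is the number that shows why a long random password resists exhaustive search. The hash rate and the custom charset definitions used with it are assumptions, not figures from the thread.

```python
import string

# Built-in hashcat mask charsets: ?l ?u ?d ?s, and ?a as their union (95 chars).
BUILTIN = {
    "l": set(string.ascii_lowercase),
    "u": set(string.ascii_uppercase),
    "d": set(string.digits),
    "s": set(" " + string.punctuation),   # 33 printable ASCII specials
}
BUILTIN["a"] = BUILTIN["l"] | BUILTIN["u"] | BUILTIN["d"] | BUILTIN["s"]
SECONDS_PER_YEAR = 365 * 24 * 3600
ASSUMED_RATE = 10_000_000_000  # assumption: 10 GH/s, a round number, not a measured card speed


def _positions(spec, custom):
    """Yield the set of characters allowed at each position of a mask."""
    i = 0
    while i < len(spec):
        if spec[i] != "?":
            yield {spec[i]}              # literal character: one choice
            i += 1
            continue
        if i + 1 == len(spec):
            raise ValueError("dangling '?' in %r" % spec)
        key = spec[i + 1]
        if key == "?":
            yield {"?"}                  # '??' is a literal question mark
        elif key in BUILTIN:
            yield BUILTIN[key]
        elif key in custom:              # ?1..?4: union of the definition's parts
            yield set().union(*_positions(custom[key], {}))
        else:
            raise ValueError("unknown placeholder ?%s" % key)
        i += 2


def mask_keyspace(mask, custom=None):
    """Number of candidates the mask generates (product of per-position sizes)."""
    total = 1
    for charset in _positions(mask, custom or {}):
        total *= len(charset)
    return total


def years_to_exhaust(mask, hashes_per_second=ASSUMED_RATE, custom=None):
    """Worst-case years to try every candidate at a constant hash rate."""
    return mask_keyspace(mask, custom) / hashes_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    for length in (8, 10, 12, 14):
        mask = "?a" * length
        print(length, mask_keyspace(mask), "%.3g years" % years_to_exhaust(mask))
```

Each extra ?a position multiplies the work by 95, so the estimate grows from days at 8 characters to far beyond any practical time at 14, whatever realistic rate is substituted for the assumed one.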