hashcat Forum
[HELP] What's the input format of NTLM when using hashcat-plus ? - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Ancient Versions (https://hashcat.net/forum/forum-46.html)
+--- Forum: Very old oclHashcat-plus Support (https://hashcat.net/forum/forum-23.html)
+--- Thread: [HELP] What's the input format of NTLM when using hashcat-plus ? (/thread-2047.html)

Pages: 1 2


[HELP] What's the input format of NTLM when using hashcat-plus ? - unname2012 - 02-06-2013

Hello all,i know my question is stupid but i really want to know what's the format of NTLM when using hashcat-plus to crack ? i usually using JTR to crack NTML with format like this (Administrator:500:XXXXXXXXXXXXXXXXe08f82d6d2a3d8a6:XXXXXXXXXXXXXXXX6bc90ee0d60c6adf:::) ,but it not run in hashcat
please help me


Thank


RE: [HELP] What's the input format of NTLM when using hashcat-plus ? - Kuci - 02-06-2013

Well, you should know how pwdump format works.
Code:
User:UID:LM:NTLM



RE: [HELP] What's the input format of NTLM when using hashcat-plus ? - unname2012 - 02-07-2013

(02-06-2013, 03:32 PM)Kuci Wrote: Well, you should know how pwdump format works.
Code:
User:UID:LM:NTLM

so,if crack window password,i just need crack this string (XXXXXXXXXXXXXXXX6bc90ee0d60c6​adf) with NTLM Algorithms ?

Thank !


RE: [HELP] What's the input format of NTLM when using hashcat-plus ? - Kuci - 02-07-2013

Well, I see, LM is enabled. In aspect of time it's more advantageous to crack LM than NTLM, because LM is limited to 14 characters, it's made of two hashes with max. lenght of 7 characters. So, you can split your LM into two hashes in half.
Code:
XXXXXXXXXXXXXXXX
e08f82d6d2a3d8a6
Remember, both are long up to 7 characters, so if password is 14 characters long and you would try to bruteforce these hashes with small letters and numbers, there are 36^7 of combinations and you can crack both in one row. If you would use NTLM and your password would be 14 characters long, there are 36^14 combinations with same mask.


RE: [HELP] What's the input format of NTLM when using hashcat-plus ? - epixoip - 02-07-2013

lm has no lower-case letters. all letters are converted to uppercase. lm has a total keyspace of 69^7.


RE: [HELP] What's the input format of NTLM when using hashcat-plus ? - Kuci - 02-07-2013

Oh, I forgon, but lowercased chars are converted to uppercase.


RE: [HELP] What's the input format of NTLM when using hashcat-plus ? - epixoip - 02-07-2013

but not with hashcat they're not. you need to manually do all the uppercase conversions with hashcat.


RE: [HELP] What's the input format of NTLM when using hashcat-plus ? - Kuci - 02-08-2013

Well, this is in oclHashcat-plus forum, so the oclHashcat-plus is meant. But good to know.


RE: [HELP] What's the input format of NTLM when using hashcat-plus ? - epixoip - 02-08-2013

i'm using the word 'hashcat' to refer to any hashcat product.


RE: [HELP] What's the input format of NTLM when using hashcat-plus ? - unname2012 - 02-10-2013

Sr all,i bust few day , first i want to say "THANK" to all of you,i have some question about this problem

(02-07-2013, 07:55 AM)Kuci Wrote: Well, I see, LM is enabled. In aspect of time it's more advantageous to crack LM than NTLM, because LM is limited to 14 characters, it's made of two hashes with max. lenght of 7 characters. So, you can split your LM into two hashes in half.
Code:
XXXXXXXXXXXXXXXX
e08f82d6d2a3d8a6
Remember, both are long up to 7 characters, so if password is 14 characters long and you would try to bruteforce these hashes with small letters and numbers, there are 36^7 of combinations and you can crack both in one row. If you would use NTLM and your password would be 14 characters long, there are 36^14 combinations with same mask.
i did like you said (you can split your LM into two hashes in half.),but it's not run,if i don't mistake , it's alert "wrong format" when i split LM hash

Thank