LM Hashes - hashcat Forum (https://hashcat.net/forum), General Talk, thread /thread-8585.html
RE: LM Hashes - slawson - 08-27-2019

Awesome. Thanks.

RE: LM Hashes - evilmog - 08-28-2019

Assuming your ntds dump is ntds.dit you need to do the following (don't do it from a Mac, it just doesn't work)

1) Create a list of just lanman
Code:
cut -d: -f3 < ntds.dit | sort -u > ntds.lm

2) Create a list of just ntlm and remove invalid hashes (aad3b435b51404eeaad3b435b51404ee)
Code:
cut -d: -f4 < ntds.dit | grep -v aad3b435b51404eeaad3b435b51404ee | sort -u > ntds.ntlm

3) Run hashcat in mode 3000 on increment mode for ?a (this will not cover all accented and international characters, adjust if needed)
Code:
./hashcat -m 3000 ntds.lm -i -a 3 -w 3 ?a?a?a?a?a?a?a

4) Create a new candidate file
Code:
./hashcat -m 3000 ntds.lm --show | cut -d: -f2- > cand.lst

5) Download the toggles rules from https://blog.didierstevens.com/2016/07/16/tool-to-generate-hashcat-toggle-rules/
Direct download link: http://didierstevens.com/files/software/generate-hashcat-toggle-rules_v0_0_1.zip

6) Run hashcat with your candidate file and the rule file in that zip
Code:
./hashcat -m 1000 ntds.ntlm -w 3 -O -a 0 cand.lst -r toggles-lm-ntlm.rule

7) Show the results
Code:
./hashcat -m 1000 ntds.dit --username --show
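Added example (not part of the thread, and not evilmog's code): a defender-side audit of the same dump that lists which accounts still have an LM hash stored, and whether its second 7-character half is empty, which is the per-half structure the 7-position mask in step 3 relies on. It assumes the pwdump-style layout user:rid:lm:ntlm::: implied by the cut commands above; the function names and all sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a pwdump-style dump for stored LM hashes.
# Assumed layout (from the cut -f3 / -f4 steps above): user:rid:lm:ntlm:::

EMPTY_LM=aad3b435b51404eeaad3b435b51404ee   # LM value of the empty string
EMPTY_HALF=aad3b435b51404ee                 # one empty 7-character half

# Constructed sample input; these are not real hashes of any password.
sample_dump() {
cat <<'EOF'
alice:1104:0123456789abcdef0123456789abcdef:00112233445566778899aabbccddeeff:::
bob:1105:aad3b435b51404eeaad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
carol:1106:fedcba9876543210aad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
SRV01$:1107:aad3b435b51404eeaad3b435b51404ee:a0a1a2a3a4a5a6a7a8a9aaabacadaeaf:::
EOF
}

# lm_audit: read a dump on stdin, print "<user> <status>" for each account.
#   no-lm           field 3 is the empty-string LM value (nothing to attack)
#   lm-stored-1to7  LM hash present, second half empty (password <= 7 chars)
#   lm-stored-8to14 LM hash present, both halves populated
#   malformed       field 3 is not 32 hex characters
lm_audit() {
  awk -F: -v empty="$EMPTY_LM" -v half="$EMPTY_HALF" '
    NF < 4 { next }                          # not a hash line, skip it
    {
      lm = tolower($3)
      if (length(lm) != 32 || lm ~ /[^0-9a-f]/) { print $1, "malformed"; next }
      if (lm == empty)                          { print $1, "no-lm"; next }
      # LM hashes each 7-character half separately, so compare the second
      # 16 hex digits against the known empty-half value.
      if (substr(lm, 17) == half) print $1, "lm-stored-1to7"
      else                        print $1, "lm-stored-8to14"
    }'
}

# lm_count: number of accounts on stdin that still carry an LM hash.
lm_count() {
  lm_audit | grep -c ' lm-stored-'
}

# Stand-alone run over the constructed sample.
sample_dump | lm_audit
```

Any account reported as lm-stored is one whose password should be rotated after LM hash storage is disabled, since the stored LM value persists until the next password change.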