hashcat Forum
Can hashcat crack NTLMSSP ? - Printable Version




Can hashcat crack NTLMSSP ? - Mem5 - 10-04-2012

Hi,

During a pentest I captured an NTLMSSP "hash". Does oclHashcat crack NTLMSSP?

http://msdn.microsoft.com/en-us/library/windows/desktop/ms691272%28v=vs.85%29.aspx
http://en.wikipedia.org/wiki/NTLMSSP

Quote:
GET http://www.xxxx.xxx/ HTTP/1.0
Cache-Control: no-cache
Pragma: no-cache
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Cookie: xxxxxx
Accept-Encoding: gzip
Host: www.xx.xx

Proxy-Authorization: NTLM TlRMTVNTUAADAAAA/some base64 encoded stuff here/

Thank you.


RE: Can hashcat crack NTLMSSP ? - epixoip - 10-04-2012

hashcat isn't able to crack it, no. and i'm not 100% positive, but i don't think you have enough here to crack anyway. ntlm c/r is a four-way handshake, you only have one of the pieces. i also believe that you need to be the one to initiate the challenge, using a specially crafted challenge that you control. i think most people use metasploit, ettercap, c&a, or something along those lines to automate the process. i think there are also scripts out there that will parse out the necessary bits from a pcap file.
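
Added example, not part of the original thread: a Python sketch that decodes an NTLM `Proxy-Authorization` value and reports which NTLMSSP message it carries. The visible prefix `TlRMTVNTUAADAAAA` in the header quoted above decodes to the `NTLMSSP\0` signature followed by message type 3 (AUTHENTICATE). The function names, the constructed sample message and the cp437 fallback for OEM strings are assumptions of this example.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
# Positions of the security-buffer descriptors in an AUTHENTICATE message.
AUTH_FIELDS = {"lm_response": 12, "nt_response": 20, "domain": 28,
               "user": 36, "workstation": 44}
NEGOTIATE_UNICODE = 0x00000001  # names are UTF-16LE when this flag is set

def _buffer(msg, pos):
    """Read one descriptor (len, maxlen, offset) and return the bytes it names."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def describe_ntlm_header(value):
    """Classify the NTLMSSP token in a (Proxy-)Authorization header value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM authorization value")
    msg = base64.b64decode(token, validate=True)
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    info = {"type": TYPES.get(mtype, "UNKNOWN")}
    if mtype == 3 and len(msg) >= 64:  # full fixed header is present
        flags = struct.unpack_from("<I", msg, 60)[0]
        codec = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"  # OEM codec assumed
        for name, pos in AUTH_FIELDS.items():
            raw = _buffer(msg, pos)
            # Names are reported as text, responses only by their size.
            info[name] = len(raw) if name.endswith("response") else raw.decode(codec, "replace")
    return info

def build_sample():
    """Constructed AUTHENTICATE message; both responses are zero-filled dummies."""
    parts = [bytes(24), bytes(24), "LAB".encode("utf-16-le"),
             "alice".encode("utf-16-le"), "WS01".encode("utf-16-le"), b""]
    head, payload, offset = SIGNATURE + struct.pack("<I", 3), b"", 64
    for p in parts:
        head += struct.pack("<HHI", len(p), len(p), offset)
        payload += p
        offset += len(p)
    msg = head + struct.pack("<I", NEGOTIATE_UNICODE) + payload
    return "NTLM " + base64.b64encode(msg).decode()
```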


RE: Can hashcat crack NTLMSSP ? - Mem5 - 10-05-2012

Ok.
And what if I retrieved the complete four-way exchange ? How could I crack it ?


RE: Can hashcat crack NTLMSSP ? - epixoip - 10-06-2012

maybe try https://github.com/psychomario/ntlmsspparse and see if that doesn't put it into a format that jtr can recognize. i think jtr jumbo supports ntlm c/r.


RE: Can hashcat crack NTLMSSP ? - Kondormax - 11-15-2012

I do not really understand why it is so hard to crack such hashes.

Does Cain&Abel use some secret and very complicated algorithm that cannot be recreated?