hashcat Forum
NTLMv2 -- Not finding password - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old hashcat Support (https://hashcat.net/forum/forum-20.html)
+--- Thread: NTLMv2 -- Not finding password (/thread-2568.html)

Pages: 1 2


RE: NTLMv2 -- Not finding password - PnkPanther - 08-30-2013

(08-30-2013, 03:12 AM)magnum Wrote:
(08-30-2013, 02:59 AM)PnkPanther Wrote:
(08-30-2013, 01:28 AM)magnum Wrote: It's not a bad hash. The problem is that the salt (username + domainname) is longer than the (optimized) max of 27 characters. JtR can crack it using the CPU format but not the GPU one.

Are you sure? I've tried john --format=netntlmv2 /root/Desktop/hash with the following and get "No password hashes loaded (see FAQ)".

Yeah I'm sure, it's still in my console buffer:
Code:
$ ../run/john test
ntlmv2-opencl: One or more hashes rejected due to salt length limitation.
Max supported sum of Username + Domainname lengths is 27 characters.
Try the CPU format for those.
Loaded 1 password hash (netntlmv2, NTLMv2 C/R [MD4 HMAC-MD5 32/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
Newpass8         (Administrator)
1g 0:00:00:00 DONE (2013-08-30 01:21) 5.263g/s 666310p/s 666310c/s 666310C/s Newpass8
Use the "--show" option to display all of the cracked passwords reliably
Session completed
As you can see the GPU format rejects it but tells you why, and then the CPU format loads and cracks it. The latter just use OpenSSL so has no length limits but is likely a lot slower than HashCat.

I did remove the binary crap that epixoip mentioned. I tried pasting the correct one here but the forum re-adds the binary crap at the line wrap.

Could you explain what needs to be removed from the hash? I would really appreciate it.


RE: NTLMv2 -- Not finding password - magnum - 08-30-2013

(08-30-2013, 03:47 AM)PnkPanther Wrote: Could you explain what needs to be removed from the hash? I would really appreciate it.

I removed three bytes of non-ASCII in the last field right were it was line wrapped when I copy-pasted it from the forum. But I do not think your file has it, I think the forum added it.


RE: NTLMv2 -- Not finding password - PnkPanther - 08-30-2013

When I use john on my hash it responds with no hashes loaded. If I run john on a hash from their example page it works. Do you know why? It seems that if it works for you it should work for me.


RE: NTLMv2 -- Not finding password - magnum - 08-31-2013

(08-30-2013, 04:14 AM)PnkPanther Wrote: When I use john on my hash it responds with no hashes loaded. If I run john on a hash from their example page it works. Do you know why? It seems that if it works for you it should work for me.

Try re-creating a correct hash like this:
Code:
$ echo -n >testhash Administrator::WIN-HMH39596ABN:1122334455667788:80be64a4282577cf3b80503f4acb0e5a
$ echo >>testhash :0101000000000000f077830c70a4ce0114ddd5c22457143000000000020000000000000000000000
$ cat testhash
Administrator::WIN-HMH39596ABN:1122334455667788:80be64a4282577cf3b80503f4acb0e5a:0101000000000000f077830c70a4ce0114ddd5c22457143000000000020000000000000000000000
Be sure to use "-n >" in the first line, and ">>" in the second.


RE: NTLMv2 -- Not finding password - PnkPanther - 09-01-2013

(08-30-2013, 03:12 AM)magnum Wrote:
(08-30-2013, 02:59 AM)PnkPanther Wrote:
(08-30-2013, 01:28 AM)magnum Wrote: It's not a bad hash. The problem is that the salt (username + domainname) is longer than the (optimized) max of 27 characters. JtR can crack it using the CPU format but not the GPU one.

Are you sure? I've tried john --format=netntlmv2 /root/Desktop/hash with the following and get "No password hashes loaded (see FAQ)".

Yeah I'm sure, it's still in my console buffer:
Code:
$ ../run/john test
ntlmv2-opencl: One or more hashes rejected due to salt length limitation.
Max supported sum of Username + Domainname lengths is 27 characters.
Try the CPU format for those.
Loaded 1 password hash (netntlmv2, NTLMv2 C/R [MD4 HMAC-MD5 32/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
Newpass8         (Administrator)
1g 0:00:00:00 DONE (2013-08-30 01:21) 5.263g/s 666310p/s 666310c/s 666310C/s Newpass8
Use the "--show" option to display all of the cracked passwords reliably
Session completed
As you can see the GPU format rejects it but tells you why, and then the CPU format loads and cracks it. The latter just use OpenSSL so has no length limits but is likely a lot slower than HashCat.

I did remove the binary crap that epixoip mentioned. I tried pasting the correct one here but the forum re-adds the binary crap at the line wrap.

Wow, thanks magnum! Now I understand what you meant about the control characters. I should really use a better text editor.


RE: NTLMv2 -- Not finding password - LancerLunatic - 09-15-2015

(09-01-2013, 02:15 AM)PnkPanther Wrote:
(08-30-2013, 03:12 AM)magnum Wrote:
(08-30-2013, 02:59 AM)PnkPanther Wrote:
(08-30-2013, 01:28 AM)magnum Wrote: It's not a bad hash. The problem is that the salt (username + domainname) is longer than the (optimized) max of 27 characters. JtR can crack it using the CPU format but not the GPU one.

Are you sure?  I've tried john --format=netntlmv2 /root/Desktop/hash with the following and get "No password hashes loaded (see FAQ)".

Yeah I'm sure, it's still in my console buffer:
Code:
$ ../run/john test
ntlmv2-opencl: One or more hashes rejected due to salt length limitation.
Max supported sum of Username + Domainname lengths is 27 characters.
Try the CPU format for those.
Loaded 1 password hash (netntlmv2, NTLMv2 C/R [MD4 HMAC-MD5 32/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
Newpass8         (Administrator)
1g 0:00:00:00 DONE (2013-08-30 01:21) 5.263g/s 666310p/s 666310c/s 666310C/s Newpass8
Use the "--show" option to display all of the cracked passwords reliably
Session completed
As you can see the GPU format rejects it but tells you why, and then the CPU format loads and cracks it. The latter just use OpenSSL so has no length limits but is likely a lot slower than HashCat.

I did remove the binary crap that epixoip mentioned. I tried pasting the correct one here but the forum re-adds the binary crap at the line wrap.

Wow, thanks magnum!  Now I understand what you meant about the control characters.  I should really use a better text editor.

Hello I know this is an old thread but it's really the only one that is close to the problem I am having. I have tried using John and Hashcat. I've used netntlmv2, LM, and  ntlm. Please assist!


I need to find the password to this for my master's class. 
<redacted>

John keeps giving me messages saying Loaded 2 password hashes with no different salts. using LM.
Hashcat says that progress is 100% everything is done but no hashes were loaded =-/ 
SOS 


RE: NTLMv2 -- Not finding password - epixoip - 09-15-2015

Your problem is you have no clue how to use your tools, and do not know how to read the forum rules.