+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Ancient Versions (https://hashcat.net/forum/forum-46.html)
+--- Forum: Very old oclHashcat-plus Support (https://hashcat.net/forum/forum-23.html)
+--- Thread: NOOB question regarding NTLM Hashes (/thread-2814.html)
NOOB question regarding NTLM Hashes - snailwraith - 11-13-2013
I am working with an NTLM hash that was extracted using Quarks PW dump from a domain controller. This is a case where someone locked the keys in the car and now we need to get in. By using a combination of the registry keys and the AD database, I was able to extract the hashes and put them in a text format. I was hoping to use hashcat to crack them, but I keep getting a line exception error when running against the hash.
Below is an example of the command running:
oclHashcat-plus64.exe --hash-type 1000 --attack-mode 3 user:0000:#D##########D####D#DD#D####DDD##:##D##D#DDD###D##D#D###D##D#DD##D:
I am using the hashcat gui for simplicity on a Windows system.
When running the program I am getting a line length exception on every line, when attempting to pull from the text file that was created.
Assistance would be appreciated.
RE: NOOB question regarding NTLM Hashes - epixoip - 11-13-2013
pwdump format is not supported, you need to specify just the nthash
RE: NOOB question regarding NTLM Hashes - mastercracker - 11-13-2013
Quote:user:0000:#D##########D####D#DD#D####DDD##:##D##D#DDD###D##D#D###D##D#DD##D:This is the only part that you need:
user:0000:#D##########D####D#DD#D####DDD##:##D##D#DDD###D##D#D###D##D#DD##D: