+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old oclHashcat Support (https://hashcat.net/forum/forum-38.html)
+--- Thread: NTLMV2 hash crack bruteforce (/thread-3091.html)
NTLMV2 hash crack bruteforce - gemgeorge - 01-29-2014
How to cut NT client challenge to simple format for hacking? I try this directly as below
oclHashcat64.exe -m 5600 xxx::xxxxx:4E64CCCA40DD96AC:010100000000000011CE0F4B220ECF01:83EC51155E7C1CCF0000000002000C0056004A004E0045005400420001000A0056004A004E00450054000400140076006A006E00650074002E0076006A00650063000300200076006A006E00650074002E0076006A006E00650074002E0076006A00650063000500140076006A006E00650074002E0076006A00650063000700080011CE0F4B220ECF0106000400020000000800300030000000000000000100000000200000A70BAB232683FFFF3EDAF02450410161A7C450B5D80A30CB2D99AAB47CCE77660A001000000000000000000000000000000000000900260048005400540050002F003100370032002E00320030002E003100370034002E00320031003100000000000000000000000000 -a 3 --status
I saw it is fast if I get simple hash
Also is there any way to crack NTLMV2 without Domain name in oclHashcat? I can do it in Cain
RE: NTLMV2 hash crack bruteforce - mastercracker - 01-29-2014
Look at the NTLMV2 format with the hash example from this page:
http://hashcat.net/wiki/doku.php?id=example_hashes
Also, it would be a lot cleaner if you would store your hash in a text file instead of putting it in the command line. --status is not needed and you need to provide a mask.
RE: NTLMV2 hash crack bruteforce - gemgeorge - 01-30-2014
Thank you mastercracker. But I cannot figure out how to make the NT client challenge part to cut out and make small hash. I saw some such examples in this forum. But I can't find a procedure to make 576 char lengthen hash to 280 char hash( as shown in the link you provided)
RE: NTLMV2 hash crack bruteforce - mastercracker - 01-31-2014
Does Cain or JTR accept this hash as is? If so, does it really state that it's NTLMV2? I never worked with these format so I can't really help more than this.
RE: NTLMV2 hash crack bruteforce - magnum - 02-01-2014
I can confirm that field is of varying length, and JtR accepts the hash as posted. Are you saying HC doesn't, or did you stare too much at the example hash and didn't even try?
RE: NTLMV2 hash crack bruteforce - scrapmetal89 - 11-08-2014
I know this is an old post but I am new to the forum and this wat the only thread I could find relevant to my querie.
I m running cudaHashcat on a 64bit The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) box with an Nvdia Geforce 735 2gb and when I run cudaHashcat with an NTLMv2 hash like so:
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/Desktop/My Stuff/cudaHashcat-1.30# '/root/Desktop/My Stuff/cudaHashcat-1.30/cudaHashcat64.bin' -m 5600 test::test-PC:1122334455667788:CCE958E2567F8FFF0217AB32D4454154:010100000000000038A2288013FACF0139F4C139FC72D23E000000000200060053004D0042000100160053004D0042002D0054004F004F004C004B00490054000400120073006D0062002E006C006F00630061006C000300280073006500720076006500720032003000300033002E0073006D0062002E006C006F00630061006C000500120073006D0062002E006C006F00630061006C00080030003000000000000000010000000020000089466F4E6E55EB571B1DE1F1C0FF5F13300EC7AB644E01BC8BE7C907DDC41D030A001000000000000000000000000000000000000900120048005400540050002F0077007000610064000000000000000000 '/root/Desktop/My Stuff/cudaHashcat-1.30/example.dict'
I get the following output:
cudaHashcat v1.30 starting...
Device #1: GeForce GT 735M, 2047MB, 627Mhz, 2MCU
Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Rules: 1
Applicable Optimizers:
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel /root/Desktop/My Stuff/cudaHashcat-1.30/kernels/4318/m5600_a0.sm_35.64.ptx
Device #1: Kernel /root/Desktop/My Stuff/cudaHashcat-1.30/kernels/4318/bzero.64.ptx
Session.Name...: cudaHashcat
Status.........: Cracked
Input.Mode.....: File (/root/Desktop/My Stuff/cudaHashcat-1.30/example.dict)
Hash.Target....: TEST::test-PC:1122334455667788:cce958e2567f8fff0217ab32d4454154:010100000000000038a2288013facf0139f4c139fc72d23e000000000200060053004d0042000100160053004d0042002d0054004f004f004c004b00490054000400120073006d0062002e006c006f00630061006c000300280073006500720076006500720032003000300033002e0073006d0062002e006c006f00630061006c000500120073006d0062002e006c006f00630061006c00080030003000000000000000010000000020000089466f4e6e55eb571b1de1f1c0ff5f13300ec7ab644e01bc8be7c907ddc41d030a001000000000000000000000000000000000000900120048005400540050002f0077007000610064000000000000000000
Hash.Type......: NetNTLMv2
Time.Started...: 0 secs
Speed.GPU.#1...: 0 H/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 0/0 (100.00%)
Skipped........: 0/0 (100.00%)
Rejected.......: 0/0 (100.00%)
HWMon.GPU.#1...: -1% Util, 52c Temp, -1% Fan
Started: Fri Nov 7 23:20:16 2014
Stopped: Fri Nov 7 23:20:21 2014
but all it gives me in the Hashcat.pot file is this hash:
TEST::test-PC:1122334455667788:cce958e2567f8fff0217ab32d4454154:010100000000000038a2288013facf0139f4c139fc72d23e000000000200060053004d0042000100160053004d0042002d0054004f004f004c004b00490054000400120073006d0062002e006c006f00630061006c000300280073006500720076006500720032003000300033002e0073006d0062002e006c006f00630061006c000500120073006d0062002e006c006f00630061006c00080030003000000000000000010000000020000089466f4e6e55eb571b1de1f1c0ff5f13300ec7ab644e01bc8be7c907ddc41d030a001000000000000000000000000000000000000900120048005400540050002f0077007000610064000000000000000000:test
even though the correct password is in the wordlist.
I have also tried a mask attack, and a hybrid attack but to no avail with the exact same output in the .pot file.
Please any assistance would be much appreciated
RE: NTLMV2 hash crack bruteforce - Rolf - 11-08-2014
Haven't noticed the ':test' at the end, have you?
RE: NTLMV2 hash crack bruteforce - scrapmetal89 - 11-09-2014
':test' at the end? what do you mean?
RE: NTLMV2 hash crack bruteforce - The Mechanic - 11-09-2014
at the end of the hash you posted from your .pot file, it shows the found password of test
RE: NTLMV2 hash crack bruteforce - scrapmetal89 - 11-09-2014
OMG I feel really stupid right now :/ haha thanks alot for your help