hashcat Forum
NTLM hash, how practical is it?


NTLM hash, how practical is it? - mido15 - 02-18-2014

Hi, I'm kind of a noob at cryptography but I am trying to learn about cracking hashes. I've got an NTLM hash and an R9 280X, and I was wondering how practical it would be to crack that hash using that card, keeping in mind that all I know about the password is that it's supposed to be a strong one. I've tried oclHashcat with a 14 char mask with lower, upper, dig and special and the est time is >10 years. I understand the possibilities are huge, but is there any practical way of approaching this problem?
Thanks



RE: NTLM hash, how practical is it? - Si2006 - 02-18-2014

Start small, don't go diving in trying to brute force huge keyspaces, use a few good wordlists and mangle them with some rules.


RE: NTLM hash, how practical is it? - coolbry95 - 02-18-2014

here you go.
cracking passwords 101

Trying to brute force that amount of keyspace is insane with the hardware you have.


RE: NTLM hash, how practical is it? - ToJ - 02-22-2014

May I borrow this thread a little? I have a pwd dump file from Win Server 2008 and I need the admin pwd (the one who set the pwd died, unfortunately).

The file (say ha.hash) is in the format:
Administrator:500:NO PASSWORD*********************:[32-Char Hash]:::

How do I get oclhashcat to start cracking this password for me?


RE: NTLM hash, how practical is it? - epixoip - 02-22-2014

thread hijacking is against the rules, but since you asked so politely...

your "ha.hash" file needs to just have the "[32-Char Hash]" portion of the line in it, nothing else. so just get rid of everything but the hash and it will work fine.


RE: NTLM hash, how practical is it? - undeath - 02-22-2014

(02-22-2014, 01:34 AM)ToJ Wrote: I need the admin pwd (the one who set the pwd died, unfortunately).

If you only need to access the user account you can simply reset the password. Likely much faster and guaranteed to work within this century.


RE: NTLM hash, how practical is it? - ToJ - 02-22-2014

Sorry for hijacking. I thought that there was already a similar thread to the need I had and didn't want to clog the forum.

My dad was a bit of a paranoid network admin and I am trying to break into his network at home. I'm trying to find all the family photos and try to take this as a reason to learn more about security (he set pwds down to disk-level in some cases). Anyways, I have found some evidence to suggest that he had one master password which he re-iterated and this hash is the best option I have to actually find the base of that pwd.

I tried this command, but it will not work (I'm on windows btw):
oclhashcat64.exe -m 5600 ha.hash -a 3
but I only get a line-length exception

Any help appreciated.


RE: NTLM hash, how practical is it? - epixoip - 02-22-2014

why are you using -m 5600? 5600 is NetNTLMv2, not NTLM.


RE: NTLM hash, how practical is it? - ToJ - 02-22-2014

My understanding was that Win Serv 2k8 uses v2?

Ok, so that was my first mistake. When I run -m 1000 the mask is set to ?1?2?2?2?2?2?2?3 and my 8-char test-pwd isn't caught. How can I make sure that ?a?a?a?a?a?a?a?a is tested? (I know, but I expect the pwd to be 8-12 chars, effectively randomized...)


RE: NTLM hash, how practical is it? - epixoip - 02-22-2014

NetNTLM is different from NTLM.

Yes, -m 1000 is the correct mode.

If you want to use ?a?a?a?a?a?a?a?a as your mask, then simply specify that mask on the command line.
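
Added example, not part of the thread or of hashcat: a small Python calculator showing why a test password can fall outside the ?1?2?2?2?2?2?2?3 mask while ?a?a?a?a?a?a?a?a covers it, and how the search space grows from 8 to 14 characters. The custom charset definitions for ?1, ?2 and ?3 are assumed to match hashcat's documented defaults, and the guess rate and the sample password are constructed values.

```python
import string

# hashcat's built-in mask charsets (?l ?u ?d ?s ?a)
BUILTIN = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " " + string.punctuation,  # 33 printable ASCII symbols incl. space
}
BUILTIN["a"] = "".join(BUILTIN[k] for k in "luds")  # 95 characters

# Assumption: the custom charsets behind the default mask seen in the thread.
DEFAULT_CUSTOM = {"1": "?l?d?u", "2": "?l?d", "3": "?l?d*!$@_"}

def positions(spec, custom=DEFAULT_CUSTOM):
    """Turn a mask (or charset definition) into one character set per token."""
    out, i = [], 0
    while i < len(spec):
        if spec[i] == "?" and i + 1 < len(spec):
            key, i = spec[i + 1], i + 2
            if key in BUILTIN:
                out.append(set(BUILTIN[key]))
            elif key in custom:
                # a custom charset is the union of everything in its definition
                out.append(set().union(*positions(custom[key], {})))
            elif key == "?":
                out.append({"?"})  # "??" is a literal question mark
            else:
                raise ValueError(f"unknown placeholder ?{key}")
        else:
            out.append({spec[i]})  # any other character is a literal
            i += 1
    return out

def keyspace(mask, custom=DEFAULT_CUSTOM):
    total = 1
    for charset in positions(mask, custom):
        total *= len(charset)
    return total

def covers(mask, candidate, custom=DEFAULT_CUSTOM):
    pos = positions(mask, custom)
    return len(pos) == len(candidate) and all(c in s for c, s in zip(candidate, pos))

def years_to_exhaust(mask, guesses_per_second, custom=DEFAULT_CUSTOM):
    return keyspace(mask, custom) / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    rate = 10**10  # constructed guess rate, not a benchmark of any card
    for mask in ("?1?2?2?2?2?2?2?3", "?a" * 8, "?a" * 12, "?a" * 14):
        print(mask, keyspace(mask), f"{years_to_exhaust(mask, rate):.3g} years")
    print(covers("?1?2?2?2?2?2?2?3", "PassW0rd"), covers("?a" * 8, "PassW0rd"))
```

Under these assumptions the default mask only allows an uppercase letter in the first position, so a password with a capital anywhere else is never generated, and each extra ?a position multiplies the work by 95.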