hashcat Forum
Hash Confusion.. - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: General Help (https://hashcat.net/forum/forum-8.html)
+--- Thread: Hash Confusion.. (/thread-3711.html)



Hash Confusion.. - Urieal - 10-03-2014

Hi there!

Although I am familiar with oclhashcat my experience is limited to only WPA2 cracking. I was wondering if anyone here could assist with the following. I have been working with a client conducting a pen test of their networks internally....

For the past week we've been running ettercap arp poisoning along with sslstrip to gather credentials and other other juicy info. Up until today everything has been working beautifully... Then this showed up.

** Point of interest ** once we're done writing our pcap via ettercap we dump the file into TCPANALYZER to propogate the packets into the network traffic such as pictures, texts, files, credentials ect (great tool btw!)...

What stumbled me is something that showed up in the credential tab.

Username: Administrator

Password:

NTLM Challenge:
10FFA464D82EB8CE

LAN Manager Response:
000000000000000000000000000000000000000000000000

NTLM Response:
100B41B594BA04DA63FAE1BA54356F70010100000000000081C0E3F763DECF01A2A101429D9308BA00000000020016004F0052004C0041004E0044004F0043004F0052005000010016004200410055004D0041004E004C002D0030003000310004002A006C006F00630061006C002E006F0072006C0061006E0064006F0063006F00720070002E0063006F006D00030042004200410055004D0041004E004C002D003000300031002E006C006F00630061006C002E006F0072006C0061006E0064006F0063006F00720070002E0063006F006D0005002A006C006F00630061006C002E006F0072006C0061006E0064006F0063006F00720070002E0063006F006D000800300030000000000000000000000000300000E42E6D576615B39A2EC0EC94D30E549B670BEC19EDA012CC5216C45DBD515C190A001000000000000000000000000000000000000900280063006900660073002F003100390032002E003100360038002E003100300035002E003100300038000000000000000000



So here is my question...
How do I formulate that to a 'string' that I can put in OPHCRACK, or Cain, or heck even HashCat to run against rainbow tables/ dictionaries ect with the intent of recovering the password?

Any and all guidance would be greatly appreciated...

I'm at a total loss for working with this algorithm...

Input, Advice GREATLY APPRECIATED!