hashcat Forum
fgdump layout - Printable Version




fgdump layout - slawson - 11-12-2014

I am needing some clarity on what I am looking at in an fgdump file. My hash dump shows me the usernames and hashes that I can successfully load and crack, but usually at the bottom of my hash file it has some computer names and hashes. I don't really understand what those are; can someone help? Are they NTLM hashes? They never seem to crack though.


RE: fgdump layout - epixoip - 11-12-2014

they are called machine accounts.

http://blogs.technet.com/b/askds/archive/2009/02/15/test2.aspx

yes, they are ntlm hashes. iirc they are 14-character random passwords.


RE: fgdump layout - slawson - 11-12-2014

So the AD assigns the random password? What would these hashes be useful for as far as penetration testing goes?


RE: fgdump layout - epixoip - 11-12-2014

i believe machine hashes are used to join machines to the domain, so if you crack a machine hash, then i believe you can use it to join a rogue machine to the domain.

edit: but you are very unlikely to crack one hashed as ntlm, i believe the keyspace is 62^14. so you really can only crack them if you have lm hashes.


RE: fgdump layout - slawson - 11-12-2014

Thanks for the info. I guess one last question on this is:

Is there any way to tell fgdump to ignore the machine accounts, so that they don't crowd up my hash file?


RE: fgdump layout - Arlaine - 11-12-2014

(11-12-2014, 08:26 PM) slawson wrote: Thanks for the info. I guess one last question on this is:

Is there any way to tell fgdump to ignore the machine accounts, so that they don't crowd up my hash file?

Typically we remove these entries through a quick "grep -v" on the file for a $, provided no legitimate domain accounts contain this character.
As far as I know fgdump does not support skipping machine accounts.

The likelihood of cracking one of these is exceedingly low as epixoip stated. You're best off ignoring them and focusing on users.
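
Added example (not part of the post above, and not fgdump's own code): the filtering step described in this reply, matching on the account-name field only so that a user name containing a `$` elsewhere is kept. It assumes the pwdump-style line layout `name:RID:LMhash:NThash:::`; the account names and hash values in the sample are constructed.

```shell
#!/usr/bin/env bash
# Split a pwdump-style dump into user accounts and machine accounts.
# Assumed line layout: name:RID:LMhash:NThash:::
# Machine account names end in "$" (for example WS01$).

# Constructed sample input; names and hashes are placeholders.
sample_dump() {
    cat <<'EOF'
Administrator:500:00112233445566778899aabbccddeeff:ffeeddccbbaa99887766554433221100:::
jsmith:1104:00112233445566778899aabbccddeeff:0123456789abcdef0123456789abcdef:::
pay$roll:1105:00112233445566778899aabbccddeeff:fedcba9876543210fedcba9876543210:::
WS01$:1106:00112233445566778899aabbccddeeff:aaaabbbbccccddddeeeeffff00001111:::
DC01$:1000:00112233445566778899aabbccddeeff:1111000022223333444455556666ffff:::
EOF
}

# Keep lines whose first colon-separated field does NOT end in "$".
# Reads the files given as arguments, or stdin when there are none.
user_accounts() {
    awk -F: '$1 !~ /\$$/' "$@"
}

# Keep only lines whose first field ends in "$" (the machine accounts),
# so they can be stored separately instead of being thrown away.
machine_accounts() {
    awk -F: '$1 ~ /\$$/' "$@"
}

# Demo on the constructed sample.
echo "user accounts:"
sample_dump | user_accounts
echo "machine accounts:"
sample_dump | machine_accounts
```

If plain grep is used instead, the dollar sign has to be escaped or passed with `-F`: an unescaped `$` is the end-of-line anchor, so `grep -v '$'` drops every line.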


RE: fgdump layout - slawson - 11-12-2014

Great information. Thanks for not using demeaning sarcasm on a newbie.