hashcat Forum
lm hash - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old oclHashcat Support (https://hashcat.net/forum/forum-38.html)
+--- Thread: lm hash (/thread-4505.html)



lm hash - bobva - 07-05-2015

i get a 20 hash off lm.

i try to crack them with a hashcat all the char A-Z,a-z0-9 and ?s but the hashcat success to crack only 6 password?

how it can be? this is a lm!!


RE: lm hash - mastercracker - 07-05-2015

(07-05-2015, 10:54 AM)bobva Wrote: i get a 20 hash off lm.

i try to crack them with a hashcat all the char A-Z,a-z0-9 and ?s but the hashcat success to crack only 6 password?

how it can be? this is a lm!!
First, you don't need a-z, just A-Z but it's possible that hashcat ignore it anyway (just don't assume it). Second, I doubt that you went up to 7 characters long on CPU. Third, post your command line so that we can make sure everything is o.k.


RE: lm hash - bobva - 07-06-2015

(07-05-2015, 05:16 PM)mastercracker Wrote:
(07-05-2015, 10:54 AM)bobva Wrote: i get a 20 hash off lm.

i try to crack them with a hashcat all the char A-Z,a-z0-9 and ?s but the hashcat success to crack only 6 password?

how it can be? this is a lm!!
First, you don't need a-z, just A-Z but it's possible that hashcat ignore it anyway (just don't assume it). Second, I doubt that you went up to 7 characters long on CPU. Third, post your command line so that we can make sure everything is o.k.

cudahashcat64.exe -3 a c:\lm-hash.txt ?a -m 3000
cudahashcat64.exe -3 a c:\lm-hash.txt ?a?a -m 3000
cudahashcat64.exe -3 a c:\lm-hash.txt ?a?a?a -m 3000
cudahashcat64.exe -3 a c:\lm-hash.txt ?a?a?a?a -m 3000
cudahashcat64.exe -3 a c:\lm-hash.txt ?a?a?a?a?a -m 3000
cudahashcat64.exe -3 a c:\lm-hash.txt ?a?a?a?a?a?a -m 3000
cudahashcat64.exe -3 a c:\lm-hash.txt ?a?a?a?a?a?a?a -m 3000


RE: lm hash - epixoip - 07-06-2015

If those are the actual commands you ran, then that would be your problem. "-3 a" defines custom charset 3 as the letter "a", perhaps you meant "-a 3"? You also do not need seven different commands. At the very least you'd use an hcmask file, but in this case you can simply just use increment mode.

Code:
cudaHashcat64 -a 3 -i -m 3000 lm-hash.txt ?a?a?a?a?a?a?a



RE: lm hash - bobva - 07-06-2015

(07-06-2015, 08:57 AM)epixoip Wrote: If those are the actual commands you ran, then that would be your problem. "-3 a" defines custom charset 3 as the letter "a", perhaps you meant "-a 3"? You also do not need seven different commands. At the very least you'd use an hcmask file, but in this case you can simply just use increment mode.

Code:
cudaHashcat64 -a 3 -i -m 3000 lm-hash.txt ?a?a?a?a?a?a?a

the command is -a 3 not 3 -a..
and i dont found all the password...


RE: lm hash - epixoip - 07-06-2015

Are you sure? Because you just wrote "-3 a" in your post above. The fact that you ran seven different commands doesn't inspire much confidence.

Anyway, let's assume you did run the correct attack. There are several possibilities for why you only cracked three hashes:

- Rest of the passwords all contain characters outside of 0x20-0x7e
- The rest of the LM hashes were blank & were removed by the "weak hash" check (other accounts only had NTLM hashes)
- Hashes were corrupted (https://media.blackhat.com/bh-us-12/Briefings/Reynolds/BH_US_12_Reynods_Stamp_Out_Hash_WP.pdf)


RE: lm hash - mastercracker - 07-08-2015

Nice paper about the corrupted hashes. This explains a lot of weird things that I was seeing in other's dumps.


RE: lm hash - epixoip - 07-08-2015

Yeah, I think most tools have fixed this by now, but if you're using older copies of the tools or a tool which hasn't yet addressed this problem, then it certainly is a major issue.