NetNTLMv2 Cyrillic symbols issue - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html) +--- Forum: Old hashcat Support (https://hashcat.net/forum/forum-20.html) +--- Thread: NetNTLMv2 Cyrillic symbols issue (/thread-5437.html) |
NetNTLMv2 Cyrillic symbols issue - laren - 05-06-2016 Hi! I'm trying to crack NetNtlmv2 hash with known password test::test-PC:1122334455667788:EE8BE66E931EE5F78502E43AB0755EB7:0101000000000000B74CFB6137A6D101B672CD72950FCF320000000002000A0073006D006200310032000100140053004500520056004500520032003000300038000400160073006D006200310032002E006C006F00630061006C0003002C0053004500520056004500520032003000300038002E0073006D006200310032002E006C006F00630061006C000500160073006D006200310032002E006C006F00630061006C000800300030000000000000000000000000300000EFD2A20880C73783FE82407EB41E4B3FE2D57CF015812BDC3DBC367618B9B8E30A0010000000000000000000000000000000000009001C0063006900660073002F0064006100750074006F0076002D00700063000000000000000000 password is cyrillic "a" (unicode 0430) when i try method described here hashcat didn't manage to recover this pass. Then i tried to run hashcat using mask ?b?b --incremental Useless again. Password was successfully cracked using john. Hashcat successfully crack hashes with latin passwords, for example test::test-PC:1122334455667788:66B41928700FEA503B80D86372FE1164:0101000000000000206CC1C437A6D101A0D0BEE8D9BE72C80000000002000A0073006D006200310032000100140053004500520056004500520032003000300038000400160073006D006200310032002E006C006F00630061006C0003002C0053004500520056004500520032003000300038002E0073006D006200310032002E006C006F00630061006C000500160073006D006200310032002E006C006F00630061006C00080030003000000000000000000000000030000037DE47151778061BAA06DCDCE4F1ACAB2B85419749F92F70F4921AAA5677A3F80A0010000000000000000000000000000000000009001C0063006900660073002F0064006100750074006F0076002D00700063000000000000000000:te Am I right that there is some issue with non latin symbols in netntlmv2 method in hashcat? RE: NetNTLMv2 Cyrillic symbols issue - epixoip - 05-06-2016 Something is not right here. I created a wordlist with various encodings of that character (UTF8, UTF16LE, Windows 1251, ISO 8859-5) and cannot crack the hash you provided with Hashcat or JTR. So I do not think the password for that hash is what you say it is. If JTR did indeed crack that hash, can you provide the plaintext from john.pot as hex? RE: NetNTLMv2 Cyrillic symbols issue - laren - 05-07-2016 I can provide it a bit later (far away from home right now) john cracked this hash with default settings on The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) linux with cmd "john --format=netntlmv2 --encoding=CP1251 --incremental=lanman hash.txt" RE: NetNTLMv2 Cyrillic symbols issue - laren - 05-11-2016 john.pot $NETNTLMv2$TESTtest-PC$1122334455667788$ee8be66e931ee5f78502e43ab0755eb7$0101000000000000b74cfb6137a6d101b672cd72950fcf320000000002000a0073006d006200310032000100140053004500520056004500520032003000300038000400160073006d006200310032002e006c006f00630061006c0003002c0053004500520056004500520032003000300038002e0073006d006200310032002e006c006f00630061006c000500160073006d006200310032002e006c006f00630061006c000800300030000000000000000000000000300000efd2a20880c73783fe82407eb41e4b3fe2d57cf015812bdc3dbc367618b9b8e30a0010000000000000000000000000000000000009001c0063006900660073002f0064006100750074006f0076002d00700063000000000000000000:а and last line in hex 00000270: 30 30 30 30 3A D0 B0 0A 00000:Р° RE: NetNTLMv2 Cyrillic symbols issue - atom - 05-13-2016 The linked site from rura works for the most algorithm like MD5, WPA, etc, but you can't crack 8bit passwords on algorithms which do the unicode conversion inside the algorithm itself. In that case the zero bytes are always added. This would require a kernel change to make it possible |