Trying to crack NTLMv2

hashcat Forum (https://hashcat.net/forum), Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html), Forum: Old hashcat Support (https://hashcat.net/forum/forum-20.html), Thread: Trying to crack NTLMv2 (/thread-5443.html)
Trying to crack NTLMv2 - fonestar - 05-09-2016

So I captured an NTLMv2 hash using embedded UNC from one of my Windows 7 machines using the Metasploit SMB server. When I try to crack it using -m 1000 and a mask attack knowing the first characters, I get an error saying something about the length is wrong and "skipping line"? Can someone tell me the exact command I should be using to perform a mask attack against an NTLMv2 hash? Thank you in advance!

RE: Trying to crack NTLMv2 - epixoip - 05-09-2016

NTLMv2 is not -m 1000.

RE: Trying to crack NTLMv2 - fonestar - 05-09-2016

(05-09-2016, 05:47 PM) epixoip Wrote: NTLMv2 is not -m 1000.

-m 0 ? Thought I tried that one too...

RE: Trying to crack NTLMv2 - epixoip - 05-09-2016

No, -m 0 is MD5. Somebody needs to do some reading.

RE: Trying to crack NTLMv2 - fonestar - 05-09-2016

(05-09-2016, 06:41 PM) epixoip Wrote: No, -m 0 is MD5. Somebody needs to do some reading.

I need to find something to read first! The only articles I've found regarding NTLM are using -m 0 and -m 1000 as examples. Everything else is about cracking WPA.

RE: Trying to crack NTLMv2 - epixoip - 05-09-2016

Articles? How about you start by reading --help. Then if you do not understand --help, read the wiki. If you need help interpreting the wiki, read the FAQ. If you're still lost, then post your question on the forums.

RE: Trying to crack NTLMv2 - fonestar - 05-09-2016

```
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~# hashcat --help | grep -i NTLM
1000 = NTLM
5500 = NetNTLMv1-VANILLA / NetNTLMv1-ESS
5600 = NetNTLMv2
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~# hashcat -m 5500 -a 0 /root/ntlm2.txt /root/rockyou.txt
Initializing hashcat v2.00 with 4 threads and 32mb segment-size...
Skipping line: 5d11f7c6054fe34013ba650090c1fdf3 (line length exception)
Skipping line: 26057f5f47bc03a52066fd60b9e2ffd1 (line length exception)
Skipping line: e6043d86df490079c0a95e0d96428d15 (line length exception)
Skipping line: b684039d6cb4a0e7cb03ccfeefb89715 (line length exception)
root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~# hashcat -m 5600 -a 0 /root/ntlm2.txt /root/rockyou.txt
Initializing hashcat v2.00 with 4 threads and 32mb segment-size...
Skipping line: 5d11f7c6054fe34013ba650090c1fdf3 (line length exception)
Skipping line: 26057f5f47bc03a52066fd60b9e2ffd1 (line length exception)
Skipping line: e6043d86df490079c0a95e0d96428d15 (line length exception)
Skipping line: b684039d6cb4a0e7cb03ccfeefb89715 (line length exception)
No hashes loaded
```

RE: Trying to crack NTLMv2 - fonestar - 05-09-2016

Maybe I am the one who should be more specific with my question here. I notice that the format is different under the NTLMv2 examples in the wiki. But this is not how it is being displayed when I run the SMB scanner. What information do I need from the SMB scanner? Is there a simple way to dump it in the correct format?

RE: Trying to crack NTLMv2 - epixoip - 05-09-2016

I have no idea what "SMB scanner" is, I think most people use https://github.com/SpiderLabs/Responder

RE: Trying to crack NTLMv2 - fonestar - 05-09-2016

Okay, thank you. I was using "msfconsole auxillary/server/scanner/smb" to capture the challenge, but the output appears in a different format than is displayed in the wiki. I will check out Responder.
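A format check for the mismatch discussed in this thread, as an added example that is not part of any post or of hashcat itself: it reports which of the three modes from the --help output a line's shape fits, so a file of bare 32-hex lines is flagged before it is loaded with -m 5500 or -m 5600. The field layouts are assumed from hashcat's published example hashes, and the helper names and sample lines are constructed for illustration.

```python
import re

H = "[0-9a-fA-F]"
# Line shapes per mode, following hashcat's published example hashes
# (an assumption of this example; the thread itself does not show them).
SHAPES = {
    # user::domain:server_challenge:NTProofStr:blob
    5600: re.compile(rf"[^:]*::[^:]*:{H}{{16}}:{H}{{32}}:(?:{H}{H})+"),
    # user::domain:LM_response:NT_response:server_challenge
    5500: re.compile(rf"[^:]*::[^:]*:{H}{{48}}:{H}{{48}}:{H}{{16}}"),
    # bare 16-byte digest; an MD5 line (-m 0) has the same shape
    1000: re.compile(rf"{H}{{32}}"),
}

def modes_for(line):
    """Return the modes (of the three above) whose line shape matches."""
    line = line.strip()
    return [mode for mode, rx in SHAPES.items() if rx.fullmatch(line)]

def rejected(lines, mode):
    """Return (line_number, modes_that_do_fit) for lines not shaped for `mode`."""
    out = []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue  # ignore blank lines
        fits = modes_for(line)
        if mode not in fits:
            out.append((n, fits))
    return out

# Constructed sample input, not taken from the thread.
SAMPLE = [
    "0123456789abcdef0123456789abcdef",
    "alice::CORP:1122334455667788:" + "ab" * 16 + ":0101" + "00" * 20,
    "bob::CORP:" + "cd" * 24 + ":" + "ef" * 24 + ":1122334455667788",
    "alice:CORP:1122334455667788",  # single colon after user: fits nothing
]

if __name__ == "__main__":
    for mode in (1000, 5500, 5600):
        print(mode, rejected(SAMPLE, mode))
```

An empty list in the second position means the line matches none of the three shapes and the capture needs to be re-exported rather than retried under a different mode.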