hashcat Forum
Question About NTLM - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Question About NTLM (/thread-5925.html)



Question About NTLM - will2238 - 10-05-2016

I've been doing a lot of research into how the NTLM hash works, according to https://asecuritysite.com/encryption/lmhash an NTLM hash is ASCII input > UNICODE > MD4 Hash.

I don't quite get how this works, also I think his example was messed up.  Anyway, could someone explain it to me or provide a site that can, please.


RE: Question About NTLM - atom - 10-05-2016

It's exactly as you said.

Code:
root@ht:~/hashcat# echo -n password | iconv -f utf8 -t utf16le | openssl dgst -md4
(stdin)= 8846f7eaee8fb117ad06bdd830b7586c



RE: Question About NTLM - will2238 - 10-05-2016

(10-05-2016, 12:48 PM)atom Wrote: It's exactly as you said.

Code:
root@ht:~/hashcat# echo -n password | iconv -f utf8 -t utf16le | openssl dgst -md4
(stdin)= 8846f7eaee8fb117ad06bdd830b7586c

Ok, I was more wondering how does the password get converted to unicode before its hashed, like...

hello --unicode--> 00680065006c006c006f --MD4--> c086551358a173bab054b4d5d694737f

but that isn't right,

hello --NTLM--> 066ddfd4ef0e9cd7c256fe77191ef43c

so how could I convert it to just the unicode so I could hash it using MD4?


RE: Question About NTLM - atom - 10-06-2016

The NTLM kernel does that automatically for you


RE: Question About NTLM - will2238 - 10-06-2016

(10-06-2016, 05:51 PM)atom Wrote: The NTLM kernel does that automatically for you

I realize that, but I want to know how would I convert it to the correct unicode form myself.  Is there a website that can or a program I can use to convert a string to the correct unicode form.


RE: Question About NTLM - radix - 10-06-2016

(10-05-2016, 12:48 PM)atom Wrote: It's exactly as you said.

Code:
root@ht:~/hashcat# echo -n password | iconv -f utf8 -t utf16le | openssl dgst -md4
(stdin)= 8846f7eaee8fb117ad06bdd830b7586c

(10-06-2016, 06:35 PM)will2238 Wrote:
(10-06-2016, 05:51 PM)atom Wrote: The NTLM kernel does that automatically for you

I realize that, but I want to know how would I convert it to the correct unicode form myself.  Is there a website that can or a program I can use to convert a string to the correct unicode form.



RE: Question About NTLM - markgamache - 10-07-2016

Your unicode byte order is simply backwards.  it should be 680065006c00 and so on...


(10-05-2016, 06:48 PM)will2238 Wrote:
(10-05-2016, 12:48 PM)atom Wrote: It's exactly as you said.

Code:
root@ht:~/hashcat# echo -n password | iconv -f utf8 -t utf16le | openssl dgst -md4
(stdin)= 8846f7eaee8fb117ad06bdd830b7586c

Ok, I was more wondering how does the password get converted to unicode before its hashed, like...

hello --unicode--> 00680065006c006c006f --MD4--> c086551358a173bab054b4d5d694737f

but that isn't right,

hello --NTLM--> 066ddfd4ef0e9cd7c256fe77191ef43c

so how could I convert it to just the unicode so I could hash it using MD4?



RE: Question About NTLM - atom - 10-07-2016

Maybe this makes it more clear:

Code:
root@ht:~/hashcat# echo -n password | iconv -f utf8 -t utf16le |  xxd  
00000000: 7000 6100 7300 7300 7700 6f00 7200 6400  p.a.s.s.w.o.r.d.
root@ht:~/hashcat# echo -n password | iconv -f utf8 -t utf16le |  openssl dgst -md4
(stdin)= 8846f7eaee8fb117ad06bdd830b7586c