+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: NTLM Hash issues (/thread-6218.html)
NTLM Hash issues - SemiAnonyAnon - 01-20-2017
Hi Guys,
Just a quick one, I can't seem to work it out.
I capture the NTLM hash fine, but when I go to process it in Hashcat, with the known account credentials in the password file, or a weak password that I know and brute force it, I never get the calculated plaintext.
The hash is seen as correct, and viable within Hashcat, but it's not valid.
This is the example NTLMV2 from Hashcat, which works fine:
admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030 (Processes to "hashcat")
This is my capture with some details adjusted so that it remains private:
REDACTED$::REDACTED:1122334455667788:REDACTEDFB7CBC971F7DEE1FREDACTED:0101000$
So why is this happening? The only thing I could think is that it's on a domain, it's a lot shorter, and the server challenge is spoofed, but Hashcat starts calculating it. (I've been given permission to do this, so don't worry)
Thanks in advance.
RE: NTLM Hash issues - blackout08 - 01-20-2017
how are you running hashcat? What switches are you using? Any outputs you can share?