Lotus Note User ID Hashing - Printable Version

Lotus Note User ID Hashing - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Lotus Note User ID Hashing (/thread-7532.html)

Lotus Note User ID Hashing - thedorkknight - 05-28-2018

Hi

I have a Lotus User ID password in which I need to crack open.

Have no idea of the version nor password length since it was used a long time ago in the office.

The problem is my hashing results with "lotus2john.py" is nowhere close to the examples given in the page:

lotus2john.py user.id

user.id:6247FE2575XXXXXXXXEB73CF63EECEB719XXXXXXXXF2A202FE23A29BXXXXXX9BA06DBC792191XXXXXX86697B14D36F394C67XXXXXXXX668F

Hopefully someone can help.

RE: Lotus Note User ID Hashing - royce - 05-28-2018

It's possible that hashcat's format is a little different in its conversion, but I'm not sure what the difference might be.

It's also possible that it's a slightly newer version or variant. Do you know what version of Lotus it is? If everything after the colon is a single, uninterrupted string of hex, then it's a 56-byte string, which is pretty close to -m 9100 (Lotus Notes/Domino 8).

Do you have access to the platform itself, such that you could hash a known plaintext (like 'hashcat') and post its unredacted hash for analysis?

RE: Lotus Note User ID Hashing - thedorkknight - 05-30-2018

(05-28-2018, 04:37 PM)royce Wrote: If everything after the colon is a single, uninterrupted string of hex, then it's a 56-byte string, which is pretty close to -m 9100 (Lotus Notes/Domino 8).

Yes. No idea about the version of Lotus used.

(05-28-2018, 04:37 PM)royce Wrote: Do you have access to the platform itself, such that you could hash a known plaintext (like 'hashcat') and post its unredacted hash for analysis?

No access to the platform, I'm trying to access the files using a trial copy of Lotus Notes 8.5.

I've created a user ID with the password 'hashcat', and hashing using lotus2john give me the results with the same number of characters:

user.id:67CB83F48C62EF662656FF0945EAB77DD30017703384B627494DEAACFB6349C1AA71D16E3317EA6FCBF6E4C1F07F45EE3C8343081EE1DA2B

Hope it helps.

RE: Lotus Note User ID Hashing - royce - 05-30-2018

Huh - if the trial copy produces hashes of the same type, then this may indeed simply be a new variant.

Please create an issue on hashcat's GitHub here:

https://github.com/hashcat/hashcat/issues/new

... and include the Lotus version, the plain, the produced hash, and more about your use of lotus2john - where you got it from, and the procedure that you followed to extract the hash.

RE: Lotus Note User ID Hashing - thedorkknight - 05-30-2018

Will do. Thanks for your help, Royce.

RE: Lotus Note User ID Hashing - royce - 05-30-2018

Not sure how much help I was ... but you're welcome, just the same. Big Grin