Can't find NTLMv2 Hash
hashcat Forum (https://hashcat.net/forum), Forum: Support, Forum: hashcat, Thread: /thread-7605.html
Can't find NTLMv2 Hash - BadWood17 - 06-24-2018

Good day, everyone. I am trying to crack an NTLMv2 hash with the help of hashcat. My two virtual machines communicate with each other and authenticate with the help of NTLMv2. I use Wireshark to catch all fields of the NTLM authentication. The main structure of the unit to crack looks like this:

Username:: Domain:Challenge:NTLMv2hash(aka HMAC-MD5):blob(entire NTLMv2 response except the HMAC that was in the preceding field)

So, in the packets that I watch in Wireshark, I can find almost all fields, except NTLMv2hash and the blob (the last two fields). Could you please explain to me where to find them, or what I should do in this situation?

RE: Can't find NTLMv2 Hash - plaverty9 - 06-26-2018

In my experience, when I capture an NTLMv2 hash, the output explicitly says that. So maybe you're not capturing them?

RE: Can't find NTLMv2 Hash - atom - 06-28-2018

I think most people don't use Wireshark to capture NTLMv2 (but it should be possible); they use some sort of layer 2 attack tools or modified Samba services.
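Added example, not part of the thread and not hashcat code: where the last two fields of the structure quoted above sit in the MS-NLMP message layout. The HMAC-MD5 is the first 16 bytes of NtChallengeResponse in the AUTHENTICATE (type 3) message and the blob is the rest of that field; the challenge comes from the preceding CHALLENGE (type 2) message. The sample messages, the user `alice` and the domain `LAB` are constructed, and all function names are hypothetical.

```python
import struct
SIG = b"NTLMSSP\x00"

def _field(msg, off):  # descriptor: Len u16, MaxLen u16, BufferOffset u32
    length, _maxlen, buf_off = struct.unpack_from("<HHI", msg, off)
    if buf_off + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[buf_off:buf_off + length]

def _check(msg, msg_type):
    if msg[:8] != SIG or struct.unpack_from("<I", msg, 8)[0] != msg_type:
        raise ValueError("not an NTLMSSP type %d message" % msg_type)

def server_challenge(type2):
    _check(type2, 2)
    return type2[24:32]            # 8-byte ServerChallenge in the CHALLENGE_MESSAGE

def split_authenticate(type3):
    _check(type3, 3)
    flags = struct.unpack_from("<I", type3, 60)[0]
    # NTLMSSP_NEGOTIATE_UNICODE (bit 0) selects UTF-16LE; cp437 for OEM is an assumption
    enc = "utf-16-le" if flags & 1 else "cp437"
    nt = _field(type3, 20)         # NtChallengeResponse
    if len(nt) <= 24:
        raise ValueError("response is 24 bytes or shorter: not NTLMv2")
    return (_field(type3, 36).decode(enc), _field(type3, 28).decode(enc),
            nt[:16], nt[16:])      # user, domain, HMAC-MD5 proof, blob

def format_line(type2, type3):
    user, domain, proof, blob = split_authenticate(type3)
    chal = server_challenge(type2).hex()
    return f"{user}::{domain}:{chal}:{proof.hex()}:{blob.hex()}"

def build_samples():
    """Constructed messages for the demo, not a real capture."""
    type2 = (SIG + struct.pack("<I", 2) + struct.pack("<HHI", 0, 0, 56)
             + struct.pack("<I", 1) + bytes.fromhex("1122334455667788") + bytes(24))
    parts = [b"", bytes(range(16)) + b"\x01\x01" + bytes(26),
             "LAB".encode("utf-16-le"), "alice".encode("utf-16-le"), b"", b""]
    desc, off = b"", 88
    for p in parts:                # Lm, Nt, Domain, User, Workstation, SessionKey
        desc += struct.pack("<HHI", len(p), len(p), off)
        off += len(p)
    type3 = (SIG + struct.pack("<I", 3) + desc + struct.pack("<I", 1)
             + bytes(24) + b"".join(parts))
    return type2, type3

if __name__ == "__main__":
    print(format_line(*build_samples()))
```

A 24-byte NtChallengeResponse is rejected because that length is an NTLMv1 response, which has no separate proof and blob to split.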