hashcat Forum
Can`t find NTLMv2 Hash - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Can`t find NTLMv2 Hash (/thread-7605.html)

Can`t find NTLMv2 Hash - BadWood17 - 06-24-2018

Good day, everyone.
I try to crack NTLMv2 hash with the help of hashcat. My two virtual machines communictate with each other and authenticate with the help of NTLMv2. I use wireshark to catch all fields of NTLM authentication.

The main structure of the unit to crack looks like that:

Username:: Domain:Challenge:NTLMv2hash(aka HMAC-MD5):blob(entire NTLMv2 response except the HMAC that was in the preceding field)

So, in packets that i watch in WireShark, i can find almost all filed, except NTLMv2hash and the blob (two last field).
Could you please explain me, where to find them, or how should i do in this situation?

RE: Can`t find NTLMv2 Hash - plaverty9 - 06-26-2018

In my experience, when I capture an NTLMv2 hash, the output explicitly says that. So maybe you're not capturing them?

RE: Can`t find NTLMv2 Hash - atom - 06-28-2018

I think most people don't use wireshark to capture NTLMv2 (but should be possible), they use some sort of layer 2 attack tools or modified samba services.