+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: General Talk (https://hashcat.net/forum/forum-33.html)
+--- Thread: LM Hashes (/thread-8585.html)
Pages:
1
2
RE: LM Hashes - slawson - 08-27-2019
Awesome. Thanks.
RE: LM Hashes - evilmog - 08-28-2019
Assuming your ntds dump is ntds.dit you need to do the following (don't do it from a mac, it just doesn't work)
1) Create a list of just lanman
Code:
cut -d: -f3 < ntds.dit | sort -u > ntds.lm2) Create a list of just ntlm and remove invalid hashes (aad3b435b51404eeaad3b435b51404ee)
Code:
cut -d: -f4 < ntds.dit | grep -v aad3b435b51404eeaad3b435b51404ee | sort -u > ntds.ntlm3) run hashcat in mode 3000 on increment mode for ?a (this will not cover all accented and international characters, adjust if needed)
Code:
./hashcat -m 3000 ntds.lm -i -a 3 -w 3 ?a?a?a?a?a?a?a4) create a new candidate file
Code:
./hashcat -m 3000 ntds.lm --show | cut -d: -f2- > cand.lst5) download the toggles rules from https://blog.didierstevens.com/2016/07/16/tool-to-generate-hashcat-toggle-rules/
Direct download link: http://didierstevens.com/files/software/generate-hashcat-toggle-rules_v0_0_1.zip
6) run hashcat with your candidate file and the rule file in that zip
Code:
./hashcat -m 1000 ntds.ntlm -w 3 -O -a 0 cand.lst -r toggles-lm-ntlm.rule7) show the results
Code:
./hashcat -m 1000 ntds.dit --username --show