Posts: 13
Threads: 4
Joined: Jan 2013

02-06-2013, 11:29 AM
(This post was last modified: 02-06-2013, 09:10 PM by epixoip.)

Hello all, I know my question is stupid, but I really want to know what the format of NTLM is when using hashcat-plus to crack. I usually use JTR to crack NTLM with a format like this (Administrator:500:XXXXXXXXXXXXXXXXe08f82d6d2a3d8a6:XXXXXXXXXXXXXXXX6bc90ee0d60c6adf:::), but it does not run in hashcat.
Please help me.
Thanks

Posts: 179
Threads: 13
Joined: Dec 2012

Well, you should know how pwdump format works.

Posts: 13
Threads: 4
Joined: Jan 2013

02-07-2013, 06:29 AM
(This post was last modified: 02-07-2013, 06:30 AM by unname2012.)

(02-06-2013, 03:32 PM)Kuci Wrote: Well, you should know how pwdump format works.
So, if I crack a Windows password, I just need to crack this string (XXXXXXXXXXXXXXXX6bc90ee0d60c6adf) with the NTLM algorithm?
Thanks!

Posts: 179
Threads: 13
Joined: Dec 2012

02-07-2013, 07:55 AM
(This post was last modified: 02-07-2013, 07:56 AM by Kuci.)

Well, I see, LM is enabled. In terms of time it's more advantageous to crack LM than NTLM, because LM is limited to 14 characters; it's made of two hashes with a max. length of 7 characters. So, you can split your LM into two hashes in half.
Code:
XXXXXXXXXXXXXXXX
e08f82d6d2a3d8a6
Remember, both are up to 7 characters long, so if the password is 14 characters long and you would try to bruteforce these hashes with small letters and numbers, there are 36^7 combinations and you can crack both in one row. If you would use NTLM and your password would be 14 characters long, there are 36^14 combinations with the same mask.

Posts: 2,935
Threads: 12
Joined: May 2012

lm has no lower-case letters. all letters are converted to uppercase. lm has a total keyspace of 69^7.

Posts: 179
Threads: 13
Joined: Dec 2012

Oh, I forgot, but lowercased chars are converted to uppercase.

Posts: 2,935
Threads: 12
Joined: May 2012

but not with hashcat they're not. you need to manually do all the uppercase conversions with hashcat.

Posts: 179
Threads: 13
Joined: Dec 2012

Well, this is in the oclHashcat-plus forum, so oclHashcat-plus is meant. But good to know.

Posts: 2,935
Threads: 12
Joined: May 2012

i'm using the word 'hashcat' to refer to any hashcat product.

Posts: 13
Threads: 4
Joined: Jan 2013

Sorry all, I was busy for a few days. First I want to say "THANKS" to all of you. I have some questions about this problem.
(02-07-2013, 07:55 AM)Kuci Wrote: Well, I see, LM is enabled. In terms of time it's more advantageous to crack LM than NTLM, because LM is limited to 14 characters; it's made of two hashes with a max. length of 7 characters. So, you can split your LM into two hashes in half.
Code:
XXXXXXXXXXXXXXXX
e08f82d6d2a3d8a6
Remember, both are up to 7 characters long, so if the password is 14 characters long and you would try to bruteforce these hashes with small letters and numbers, there are 36^7 combinations and you can crack both in one row. If you would use NTLM and your password would be 14 characters long, there are 36^14 combinations with the same mask.
I did as you said (you can split your LM into two hashes in half), but it does not run. If I'm not mistaken, it alerts "wrong format" when I split the LM hash.
Thanks
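
The pwdump line layout discussed in this thread (`user:RID:LM hash:NT hash:::`) and the split of the LM field into two 16-hex-digit halves, as an added Python example that is not part of any post: it audits a dump for accounts that still store an LM hash. The sample lines and hash values are constructed, and the names `parse_pwdump_line`, `lm_stored` and `short_password` are hypothetical.

```python
import re
from typing import NamedTuple, Optional, Tuple

# LM half produced when a 7-character block of the password is empty.
EMPTY_LM_HALF = "aad3b435b51404ee"
HEX32 = re.compile(r"[0-9a-f]{32}")

class PwdumpEntry(NamedTuple):
    user: str
    rid: int
    lm_halves: Optional[Tuple[str, str]]  # None when no LM hash is stored
    nt_hash: str

def parse_pwdump_line(line: str) -> PwdumpEntry:
    """Parse one 'user:rid:lm:nt:::' line; raise ValueError if malformed."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError("expected user:rid:lm:nt:::")
    user, rid = fields[0], fields[1]
    lm, nt = fields[2].lower(), fields[3].lower()
    if not rid.isdigit() or not HEX32.fullmatch(nt):
        raise ValueError("RID must be numeric and NT must be 32 hex digits")
    # A blank field, a placeholder such as 'NO PASSWORD...', or two empty
    # halves all mean that no usable LM hash is stored for the account.
    halves = None
    if HEX32.fullmatch(lm) and lm != EMPTY_LM_HALF * 2:
        halves = (lm[:16], lm[16:])
    return PwdumpEntry(user, int(rid), halves, nt)

def lm_stored(entry: PwdumpEntry) -> bool:
    return entry.lm_halves is not None

def short_password(entry: PwdumpEntry) -> bool:
    """True when the second LM half is empty (password of at most 7 characters)."""
    return lm_stored(entry) and entry.lm_halves[1] == EMPTY_LM_HALF

# Constructed sample lines (not real hashes).
SAMPLE = [
    "alice:1001:0123456789abcdeffedcba9876543210:00112233445566778899aabbccddeeff:::",
    "bob:1002:0123456789abcdefaad3b435b51404ee:ffeeddccbbaa99887766554433221100:::",
    "carol:1003:aad3b435b51404eeaad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::",
]

if __name__ == "__main__":
    for e in map(parse_pwdump_line, SAMPLE):
        print(e.user, "LM stored" if lm_stored(e) else "NT only", e.lm_halves)
```

Accounts reported as "LM stored" are the ones to remediate by disabling LM hash storage and rotating the password.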