03-25-2018, 05:44 PM
(This post was last modified: 03-25-2018, 06:41 PM by Spork Schivago.)
Hello,
So I have an LM Hash and an NTLM hash. I figured out the LM hash, but when I try to reencrypt the password using an LM hash / NTLM hash generator, the NTLM never matches what shows up in the SAM, although the LM hash matches just fine.
Because changing the case of the characters doesn't change the LM hash, I'm thinking I just have the capitalizations wrong.
Is there any way to have hashcat try different cases for a 13 digit password? For example, let's just say I know the password is
password12345 but I don't know the capitalization. If I have the NTLM hash, how would I tell hashcat that the password is password12345 but I'm not sure what letters are capitalized, and to try every combination of capitalizations?
If you need more clarification, I can give an example. I've been over the FAQ and don't see what I'm looking for. I've looked at the output of hashcat64.bin --help and don't see what I'm looking for. I'm sure a mask has something to do with it.
Maybe something like hashcat64.bin <my various options> <path_to_NTLM_hash> <LM password> ?a?a?a?a?a?a?a?a?a?a?a?a?a
Would that be the way to go?
Or would I use ?lu?lu?lu?lu?lu?lu?lu?lu?lu?lu?lu?lu?lu?lu?lu
Would that work? Even though some of the password is numbers, some are special characters, like $? So long as I pass the known LM password to hashcat, the ?lu 13 times should work, right?
So I have an LM Hash and an NTLM hash. I figured out the LM hash, but when I try to reencrypt the password using an LM hash / NTLM hash generator, the NTLM never matches what shows up in the SAM, although the LM hash matches just fine.
Because changing the case of the characters doesn't change the LM hash, I'm thinking I just have the capitalizations wrong.
Is there any way to have hashcat try different cases for a 13 digit password? For example, let's just say I know the password is
password12345 but I don't know the capitalization. If I have the NTLM hash, how would I tell hashcat that the password is password12345 but I'm not sure what letters are capitalized, and to try every combination of capitalizations?
If you need more clarification, I can give an example. I've been over the FAQ and don't see what I'm looking for. I've looked at the output of hashcat64.bin --help and don't see what I'm looking for. I'm sure a mask has something to do with it.
Maybe something like hashcat64.bin <my various options> <path_to_NTLM_hash> <LM password> ?a?a?a?a?a?a?a?a?a?a?a?a?a
Would that be the way to go?
Or would I use ?lu?lu?lu?lu?lu?lu?lu?lu?lu?lu?lu?lu?lu?lu?lu
Would that work? Even though some of the password is numbers, some are special characters, like $? So long as I pass the known LM password to hashcat, the ?lu 13 times should work, right?