Windows 10 Hash seems to be wrong
#11
what kind of dumper do you use? some dumpers need you to specify the boot key on your own, without this the dump will allways be wrong

second, there are plenty of ntlm generators outside, if you dont trust them, use something like python to build your own (see my really simply code), feed your pw and compare the generated ntlm hash with your dumped, if they dont match, then your dumpers are crappy

Code:
import hashlib
import binascii

print('Test-Hash:'.ljust(20) + '7ce21f17c0aee7fb9ceba532d0546ad6:1234')

def get_ntlm(string):

    hash = hashlib.new('md4', string.encode('utf-16le')).digest()
    hash = binascii.hexlify(hash)
    print('{}'.format(string).ljust(20) + '{}'.format(hash.decode()))

passes = [
'1234',
'123456',
'yourinput',
]

for pw in passes:
    get_ntlm(pw)

input()
Reply
#12
Tools known to extract correct ntlm hashes from win10: mimikatz, pypykatz or secretsdump from impacket.

Most other tools struggle with recent versions of win10.
Reply