Module 5500 - different results for same hash (with or without client challenge part)
#1
Hi, I just tested the example hash (password: hashcat) provided here on hashcat.net (https://hashcat.net/wiki/doku.php?id=example_hashes)

For module -m 5500 the expected format is:
Code:
u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c

A lot of people recommend using this short format (user, response, challenge):
Code:
u4-netntlm::::9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c

but hashcat doesn't find the password for this short format. When I run it on the original format, hashcat works OK:
Code:
u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c

For testing I use a short dictionary where I put the correct password. The command line is the same for both tests, only the hash is changing. I find that the stripped 3rd part of the hash is the cause: the password is not found.

I want to use it on an mschapv2 dump and all I have is: user, domain, response & challenge. Is it possible to recover the password without this 3rd part? Or maybe I use the wrong module? (but all the references people gave use 5500) I played first with the example hashes to be sure it's all working.
#2
see:
https://hashcat.net/forum/thread-6638.html
https://hashcat.net/forum/thread-2563-po...l#pid15255
#3
(04-18-2019, 02:43 PM)philsmd Wrote: see:
https://hashcat.net/forum/thread-6638.html
https://hashcat.net/forum/thread-2563-po...l#pid15255

I already read these posts (I used search before posting :-) ) but they don't help me answer my question.
I also read https://hashcat.net/forum/thread-7041.html ...
#4
Maybe you just didn't understand the posts.

depending on the output you get from your capture tool/dump (i.e. if it is NetNTLMv1 / NetNTLMv1+ESS or NetNTLMv2), you need to use -m 5500 or -m 5600.

The Perl command from https://hashcat.net/forum/thread-2563-po...l#pid15255 can be used to convert the output of your capture tool if needed (if it uses the JtR format with $NETNTLM$).
Of course you cannot just randomly modify the example hash and think it is still crackable with different data. If you change a hash, you probably make it uncrackable.

The missing part in your hash is the domain. Do you know the domain of the target?

Both -m 5500 and -m 5600 use the domain within the algorithm, it could be blank (empty string) as far as I know, but if the domain is used by the devices, you need to use it too.

The format for -m 5500 is for instance very simple, just $user::$domain:$client_challenge:$response:$server_challenge
#5
(04-18-2019, 07:27 PM)philsmd Wrote: The missing part in your hash is the domain. Do you know the domain of the target?

Both -m 5500 and -m 5600 use the domain within the algorithm, it could be blank (empty string) as far as I know, but if the domain is used by the devices, you need to use it too.

The format for -m 5500 is for instance very simple, just $user::$domain:$client_challenge:$response:$server_challenge

Thank you for your reply :-)

It starts to make sense now. If the domain is part of the calculation, then of course it will not work. Yes, there is a domain (in my test case it is the same string as the user). I checked the domain part before, but it made no sense to me (the checked example was not a hex ASCII number or a hex Unicode number). Maybe there is a special conversion (domain -> hex number)? Or maybe I can put the pure domain string inside the hash? (I don't think so.) All checked examples have the domain set as a hex number or it was empty. Nobody mentions that it can have big importance in hash recovery :-)
#6
The domain is actually not used in computing the response and therefore can be skipped/ignored/anything, but the client challenge must be specified (e.g. 338d08f8e26de93300000000000000000000000000000000 in the example hash) if used (not empty).
#7
(04-18-2019, 08:26 PM)philsmd Wrote: The domain is actually not used in computing the response and therefore can be skipped/ignored/anything, but the client challenge must be specified (e.g. 338d08f8e26de93300000000000000000000000000000000 in the example hash) if used (not empty).

The client challenge is missing. All that I have is: user (string), domain (same as user), response (hash) & challenge (hash):

Code:
mschapv2: Wed Jan 21 11:22:33 2019
     domain\username:     testuser
     username:            testuser
     challenge:           X1:XX:XX:XX:XX:XX:XX:X8
     response:            Y1:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:Y4


I built this hash from it:
Code:
   testuser::::Y1YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY4:X1XXXXXXXXXXXXX8


hashcat accepts it. But it fails to find a solution. (The password should be easy to find, some CTF stuff...) So I started thinking that the domain can play some role in it. I also have examples where the domain is empty and hashcat finds the solution without problems ...
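To tie the -m 5500 format from post #4 to the dump layout in post #7, here is a small converter written for this page (an added example, not hashcat's or hostapd-wpe's code): it parses one dump block into the $user::$domain:$client_challenge:$response:$server_challenge line and applies the length checks one would want before starting a long run. The sample dump values and the CORP\ domain prefix are constructed assumptions.

```python
import re

# Constructed sample in the hostapd-wpe / mschapv2 dump layout shown in the thread
# (made-up values, not a real capture; the DOMAIN\ prefix is an assumption).
SAMPLE_DUMP = """\
mschapv2: Wed Jan 21 11:22:33 2019
     domain\\username:     CORP\\testuser
     username:            testuser
     challenge:           a1:b2:c3:d4:e5:f6:07:18
     response:            00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:01:23:45:67:89:ab:cd:ef
"""

HEX_RE = re.compile(r"^[0-9a-f]*$")


def parse_dump(text):
    """Pull username, domain, challenge and response out of one dump block."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(domain\\username|username|challenge|response):\s*(\S+)", line)
        if m:
            fields[m.group(1)] = m.group(2)
    # "domain\username" may carry a DOMAIN\ prefix; the dump in the thread shows
    # only the bare user, so the domain is optional here.
    du = fields.get("domain\\username", "")
    domain = du.split("\\", 1)[0] if "\\" in du else ""
    return {"username": fields["username"], "domain": domain,
            "server_challenge": fields["challenge"].replace(":", "").lower(),
            "response": fields["response"].replace(":", "").lower()}


def build_m5500_line(username, response, server_challenge, domain="", client_challenge=""):
    """Assemble $user::$domain:$client_challenge:$response:$server_challenge (-m 5500).

    The length checks catch copy/paste mistakes before hashcat ever sees the line.
    -m 5500 ignores the domain, so it may stay empty; a client challenge, when the
    capture had one (NetNTLMv1+ESS), must be present or the hash cannot crack.
    """
    resp, srv, cli = (v.replace(":", "").lower() for v in (response, server_challenge, client_challenge))
    if len(resp) != 48 or not HEX_RE.match(resp):
        raise ValueError("response must be 24 bytes (48 hex chars)")
    if len(srv) != 16 or not HEX_RE.match(srv):
        raise ValueError("server challenge must be 8 bytes (16 hex chars)")
    if cli and (len(cli) != 48 or not HEX_RE.match(cli)):
        raise ValueError("client challenge, when present, must be 24 bytes (48 hex chars)")
    return f"{username}::{domain}:{cli}:{resp}:{srv}"


def dump_to_m5500(text, client_challenge=""):
    f = parse_dump(text)
    return build_m5500_line(f["username"], f["response"], f["server_challenge"], f["domain"], client_challenge)
```

Feeding the page's own example values (user, domain kNS, the 24-byte client challenge, response and server challenge) into build_m5500_line reproduces the wiki's -m 5500 line exactly.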
#8
I guess this is just because you didn't test with the correct password candidate.

hashcat only tries the passwords that you tell it to run.
Maybe this specific hash is harder to crack and you need to use some rules (-r) or use a small mask attack (-a 3).

BTW: the hash from the hostapd-wpe GitHub project: https://github.com/OpenSecurityResearch/...#L120-L130 i.e. formatted like this (masked with X)
Code:
jdslfkjs::::2d00XXXX5606XXdXXXX0fXXc86be1XXXX04ca8240XX7cf0:bcXX6cXXXX3926e

password: bradtest

... cracks perfectly fine!

this also doesn't use any client challenge, but it still cracks perfectly fine.

You could also easily set up a test system and try to create and dump your own hashes, but I guess it's better to just keep cracking ;-)

BTW: I think my answers above (I just noticed it now) could be a little bit confusing about when the domain is used within the algorithm... only -m 5600 (netntlmv2) uses the domain within the algorithm (while -m 5500 does not):
see https://github.com/hashcat/hashcat/blob/...pm#L33-L34
#9
(04-19-2019, 11:44 AM)philsmd Wrote: > I guess this is just because you didn't test with the correct password candidate.

> Maybe this specific hash is harder to crack and you need to use some rules (-r) or use a small mask attack (-a 3).

> this also doesn't use any client challenge, but it still cracks perfectly fine.

- Yes, probably I haven't found the right combination yet. This whole thread is just about making sure that I am not running it with a bad configuration (something that I am missing) that could lead to endless running without success :-)

- I use rules (I have also built my own special rules)


To sum it up, some 5500 hashes:

- have a client challenge: it needs to be used, otherwise the password is not found! (e.g. the original hashcat test example)
- some hashes are without a client challenge and run fine (e.g. the bradtest example)