06-13-2013, 07:10 PM
Once you have recovered the pass you can use --username and --show to pair them back up with the username.
As for not finding the pass, verify that your dictionary does not have extra chars on the end (like a carriage return, or some funk from windows formats). To verify that the hash is legit, you can try -a 3 Passphrase and see if it will recover.
As for not finding the pass, verify that your dictionary does not have extra chars on the end (like a carriage return, or some funk from windows formats). To verify that the hash is legit, you can try -a 3 Passphrase and see if it will recover.
(06-13-2013, 07:06 PM)Chinchilla Wrote:(06-13-2013, 06:51 PM)philsmd Wrote: All formats are very well documented here: http://hashcat.net/wiki/doku.php?id=example_hashes
(with examples).
Did you try those?
Thanks for the speedy response.
In short yes, not all of them, but the ones that are related to windows credentials.
I should have been more clear with my problem. Without a username, the cracked hashes will just be a listing of passwords without anything to tie them to.
-m 1000 (NTLM) works, in so far as that it will not error out when I input my 32 character hash. But this gives me 2 problems:
1. Without a username, there will be no trace-ability.
2. The hashed password is relatively simple, 'Passphrase' and it is not cracking even though it is in my dictionary.
Thanks