07-06-2015, 11:46 AM
Are you sure? Because you just wrote "-3 a" in your post above. The fact that you ran seven different commands doesn't inspire much confidence.
Anyway, let's assume you did run the correct attack. There are several possibilities for why you only cracked three hashes:
- Rest of the passwords all contain characters outside of 0x20-0x7e
- The rest of the LM hashes were blank & were removed by the "weak hash" check (other accounts only had NTLM hashes)
- Hashes were corrupted (https://media.blackhat.com/bh-us-12/Brie...ash_WP.pdf)
Anyway, let's assume you did run the correct attack. There are several possibilities for why you only cracked three hashes:
- Rest of the passwords all contain characters outside of 0x20-0x7e
- The rest of the LM hashes were blank & were removed by the "weak hash" check (other accounts only had NTLM hashes)
- Hashes were corrupted (https://media.blackhat.com/bh-us-12/Brie...ash_WP.pdf)