NTLM Hash issues
Hi Guys, 

Just a quick one, I can't seem to work it out.

I capture the NTLM hash fine, but when I go to process it in Hashcat, with the known account credentials in the password file, or a weak password that I know and brute force it, I never get the calculated plaintext.

The hash is seen as correct, and viable within Hashcat, but it's not valid.

This is the example NTLMv2 from Hashcat, which works fine:

admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030   (Processes to "hashcat")

This is my capture with some details adjusted so that it remains private:

REDACTED$::REDACTED:1122334455667788:REDACTEDFB7CBC971F7DEE1FREDACTED:0101000$

So why is this happening? The only thing I could think is that it's on a domain, it's a lot shorter, and the server challenge is spoofed, but Hashcat starts calculating it. (I've been given permission to do this, so don't worry)
 
Thanks in advance.
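
A structural check for the `user::domain:challenge:response:blob` layout of the NetNTLMv2 lines quoted in the post, as an added example that is not part of the original post. The function name `check_netntlmv2` and both sample lines are constructed for illustration; the field sizes are those of the NTLMv2 response (8-byte server challenge, 16-byte NTProofStr, 28-byte fixed part of the client challenge blob).

```python
import string

HEX = set(string.hexdigits)
BLOB_FIXED_BYTES = 28  # fixed part of the NTLMv2 client challenge, before the AV pairs


def check_netntlmv2(line):
    """Return a list of structural problems found in one NetNTLMv2 capture line.

    Hypothetical helper for this example; it checks layout only, not the password.
    """
    fields = line.strip().split(":")
    if len(fields) != 6 or fields[1] != "":
        return ["layout is not user::domain:challenge:proof:blob"]
    user, _, domain, challenge, proof, blob = fields
    problems = []
    if not user:
        problems.append("empty user name")
    for name, value, want in (("server challenge", challenge, 16),
                              ("NTProofStr", proof, 32)):
        if len(value) != want or not set(value) <= HEX:
            problems.append("%s must be %d hex characters" % (name, want))
    # Report the first character that cannot be hex-decoded, e.g. a marker
    # left behind when a long line was cut off during copy and paste.
    bad = [i for i, c in enumerate(blob) if c not in HEX]
    if bad:
        problems.append("blob has non-hex character %r at offset %d"
                        % (blob[bad[0]], bad[0]))
    if len(blob) % 2:
        problems.append("blob has odd length %d" % len(blob))
    if len(blob) < 2 * BLOB_FIXED_BYTES:
        problems.append("blob is %d characters, fixed part alone needs %d"
                        % (len(blob), 2 * BLOB_FIXED_BYTES))
    return problems


# Constructed sample lines (not real captures).
PREFIX = "user::LAB:" + "11" * 8 + ":" + "ab" * 16 + ":"
COMPLETE = PREFIX + "0101" + "00" * 30   # 32-byte blob, well formed
CUT_OFF = PREFIX + "0101000$"            # blob ends early with a stray character

if __name__ == "__main__":
    for label, sample in (("complete", COMPLETE), ("cut off", CUT_OFF)):
        print(label, check_netntlmv2(sample) or "ok")
```
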


Messages In This Thread
NTLM Hash issues - by SemiAnonyAnon - 01-20-2017, 12:32 AM
RE: NTLM Hash issues - by blackout08 - 01-20-2017, 08:43 AM