NTLM password not found
#4
(04-30-2018, 02:17 PM)DanielG Wrote: This is very strange, maybe hashcat doesn't do unicode well?

That's correct. At least for NTLM or any other kernel using the make_utf16* functions (defined in OpenCL/inc_common.cl).
NTLM is simply MD4 but the password is encoded in UTF-16.

Code:
$ echo -n František1 | iconv -f utf8 -t utf16le | xxd
00000000: 4600 7200 6100 6e00 7400 6900 6101 6500  F.r.a.n.t.i.a.e.
00000010: 6b00 3100                                k.1.

This is what's supposed to be fed into the MD4 hash function.
make_utf16le() cheats a bit and simply appends a null byte after every input byte. That works fine as long as all the characters are ASCII.
But in your case hashcat feeds this into the MD4 hash function which results in a different hash.

Code:
00000000: 4600 7200 6100 6e00 7400 6900 c500 a100  F.r.a.n.t.i.....
00000010: 6500 6b00 3100                           e.k.1.
(technically it's 0072 0046... etc. because of little endian)

So until someone contributes a valid UTF-16 encoder this will be an issue.


Messages In This Thread
NTLM password not found - by Dr-Tibetor - 04-30-2018, 10:25 AM
RE: NTLM password not found - by Banaanhangwagen - 04-30-2018, 12:31 PM
RE: NTLM password not found - by DanielG - 04-30-2018, 02:17 PM
RE: NTLM password not found - by hops - 05-01-2018, 07:53 AM
RE: NTLM password not found - by DanielG - 05-01-2018, 11:32 AM
RE: NTLM password not found - by hops - 05-01-2018, 12:28 PM