Typical attacks / steps for fast hashes > 9 characters (ntlm)
#1
I've been reading a lot about the various types of attacks one can do with hashcat and other tools.
I'm trying to put together a "typical" set of attacks that a skilled attacker would commonly use against a hash list of fast hashes such as ntlm.  In other words, given a list of a few thousand ntlm (or md5) hashes, what would you normally try first?  What attack second?

I understand one would try different things in different scenarios, but assume a a random corporate environment in the US,  You get the SAM table from domain controller.  Which attacks would you try first, second third, most of the time?

I understand that ntlm hashes of 9 characters or fewer are very vulnerable to rainbow tables, with a success rate of about 96%.
I would think, therefore, rainbow tables would be used first, then hashcat for the longer passwords?

A top million list seems like a good first thing to try, but maybe I'm wrong.
In my research I came across "OneRuleToRuleThemAll", which also looks promising.
Not having much actual experience, though, I could be completely off base.
Reply


Messages In This Thread
Typical attacks / steps for fast hashes > 9 characters (ntlm) - by secpro - 02-07-2022, 01:12 AM