LM & NTLMv1 + challenge
#1
Hi!
I'm experimentig with some old SMB test captures. I have LANMAN (LM) and NTLM hashes too, with challenge. Back in time, Cain can attack LANMAN hashes, and then attack the NTLM using the known UPPERCASE pass. 

How can I do it with Hashcat?

I can use -m 5500, (NetNTLMv1 / NetNTLMv1+ESS) but just for the NTLM part. How can Hashcat recover the LM part (7 UPPER chars+1...7 UPPER chars) ?

Sample capture:
Code:
::USER:0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF:0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF:0123456789ABCDEF

I also tried other modes, like -m 3000, but no luck. Formating the capture to a Hashcat compatible way was a task too.
By the way, John can perform this attack out of the box....

Thankyou!
Reply


Messages In This Thread
LM & NTLMv1 + challenge - by jason81 - 12-19-2022, 02:53 PM
RE: LM & NTLMv1 + challenge - by Snoopy - 12-19-2022, 03:09 PM
RE: LM & NTLMv1 + challenge - by Chick3nman - 12-19-2022, 06:57 PM
RE: LM & NTLMv1 + challenge - by jason81 - 12-21-2022, 11:32 PM
RE: LM & NTLMv1 + challenge - by jason81 - 01-24-2023, 11:29 AM
RE: LM & NTLMv1 + challenge - by Chick3nman - 01-24-2023, 05:37 PM
RE: LM & NTLMv1 + challenge - by jason81 - 03-13-2023, 04:12 PM
RE: LM & NTLMv1 + challenge - by jason81 - 04-07-2023, 03:17 PM
RE: LM & NTLMv1 + challenge - by Chick3nman - 04-10-2023, 04:12 AM
RE: LM & NTLMv1 + challenge - by m1ck3yb33 - 05-29-2024, 02:47 PM