06-05-2024, 04:02 PM
(06-05-2024, 12:10 PM)penguinkeeper Wrote:(06-05-2024, 10:14 AM)Arthur.pendragon Wrote:(06-04-2024, 01:58 PM)penguinkeeper Wrote: Which -m number are you using?
I'm using -m 1000
Perfect, yeah. -m 1000 has the encoding problems I mentioned earlier. NTLM is MD4(UTF16-LE($plain)) and the optimised version doesn't do the UTF16-LE step fully, it takes a shortcut so that especially non-ASCII characters aren't hashed properly and therefore don't get cracked. I'd strongly recommend using pure only if possible and if you know there's a chance there can be multibyte/non-ASCII characters in any of the plains. There is already a Github issue for this, to better explain to the user the limitations.
https://www.github.com/hashcat/hashcat/issues/3958
Very interesting but these passwords don't contain special characters. I suppose, I found another reason : very old passwords. With these ones, the hash algorithm was probably different. We have an Active Directory that was set more that 10 years ago.