LM hash command
#1
Information 
Hi hash-experts!

I need some help getting together the best command line approach for bruteforcing a tricky LM hash. The thing is, that I've tried using LM hash tables of up to 339 GB, without any luck. So it's probably something about the codepage/charset used.

I'm pretty sure the hash has been created with some special language chars, like in Denmark we use Æ, Ø and Å regularly (those are UPPER case, but I'm not sure whether the LM algorithm would treat them as regular english chars, their LCASE are respectively æ, ø and å). I can't be sure, but I'd like to use my own list af possible chars/special chars in the command line.

I have both the LM (clearly not empty) and the NT hash, but of course I'll try to break the LM instead of NT.

The LM is apparently longer than 7 chars, as the last part of the hash is not "aad3b435b51404ee". So I guess, that I'm looking at a pwd between 8 and 14 chars.

Would I attack the LM in 2 parts, like maybe the first part shows me "PASSWOR" and I could try to guess the rest? Or will I attack the entire LM hash at once?

I know, that I will need the "-m 3000" switch for LM. I also need UPPER case letters and digits. Further more I'll need special chars - like the mentioned danish chars.

Regarding special chars... Which of those would require en escape char to work within a Windows cmd prompt?


Messages In This Thread
LM hash command - by Zilent - 04-05-2014, 01:54 PM
RE: LM hash command - by mastercracker - 04-08-2014, 02:33 AM
RE: LM hash command - by Zilent - 04-08-2014, 07:29 AM
RE: LM hash command - by epixoip - 04-08-2014, 07:54 AM
RE: LM hash command - by Zilent - 04-08-2014, 09:34 PM