Hi hash-experts!
I need some help getting together the best command line approach for bruteforcing a tricky LM hash. The thing is that I've tried using LM hash tables of up to 339 GB, without any luck. So it's probably something about the codepage/charset used.
I'm pretty sure the hash has been created with some special language chars, like in Denmark we use Æ, Ø and Å regularly (those are UPPER case, but I'm not sure whether the LM algorithm would treat them as regular English chars, their LCASE are respectively æ, ø and å). I can't be sure, but I'd like to use my own list of possible chars/special chars in the command line.
I have both the LM (clearly not empty) and the NT hash, but of course I'll try to break the LM instead of NT.
The LM is apparently longer than 7 chars, as the last part of the hash is not "aad3b435b51404ee". So I guess that I'm looking at a pwd between 8 and 14 chars.
Would I attack the LM in 2 parts, like maybe the first part shows me "PASSWOR" and I could try to guess the rest? Or will I attack the entire LM hash at once?
I know that I will need the "-m 3000" switch for LM. I also need UPPER case letters and digits. Furthermore I'll need special chars - like the mentioned Danish chars.
Regarding special chars... Which of those would require an escape char to work within a Windows cmd prompt?