Problem with NetNTLM v2 and responder
#1
Dear Hashcat community,

I have a problem which I am not certain where to ask help for (If I am in the wrong place, pleace point me in the right direction).

I have set up a windows 10 testmachine (user Admin, password Administrator).
When I connect the system to a Bash Bunny running responder, my responder catches a nice batch of NetNTLMv2 hashes.

However, when I try to crack the hashes, only a few of them can be cracked with the password Administrator (even though I am 100% certain this is the correct password).
When I try the same thing with John the ripper, exactly the same hashes get cracked.

Therefore I suspect either something is wrong with responder or Microsoft has altered the way NetNTLMv2 hashes are generated (if this is the case, the NetNTLMv2 mode needs to be updated?).
Is there anyone on this forum that has some experience with this issue?

I wanted to post my testhashes here, but I think that isn't allowed by the forum rules (if I am mistaken, please let me know and I will post them).
Reply


Messages In This Thread
Problem with NetNTLM v2 and responder - by Toetje - 01-18-2019, 05:31 PM