Module 5500 - different results for same hash (with or without client challenge part)
(04-18-2019, 07:27 PM)philsmd Wrote: The missing part in your hash is the domain. Do you know the domain of the target?

Both -m 5500 and -m 5600 use the domain within the algorithm. It could be blank (empty string) as far as I know, but if the domain is used by the devices, you need to use it too.

The format for -m 5500 is, for instance, very simple, just $user::$domain:$client_challenge:$response:$server_challenge

Thank you for your reply :-)

It starts to make sense now. If the domain is part of the calculation, then of course it will not work. Yes, there is a domain (in my test case it is the same string as the user). I checked the domain part before, but it made no sense to me (the checked example was not a hex ASCII number or hex Unicode number). Maybe there is a special conversion (domain -> hex number)? Or maybe I can put the pure domain string inside the hash? (I don't think so.) All the checked examples had the domain set as a hex number or it was empty. Nobody mentioned that it can have big importance in hash recovery :-)

Messages In This Thread
RE: Module 5500 - different results for same hash (short vs full format) - by Martin2 - 04-18-2019, 07:48 PM