(04-18-2019, 08:26 PM)philsmd Wrote: the domain is actually not used in computing the response and therefore can be skipped/ignored/anything, but the client challenge must be specified (e.g. 338d08f8e26de93300000000000000000000000000000000 in the example hash) if used (not empty).
Client challenge is missing. All that i have is: user (string), domain (same as user), response (hash) & challenge (hash):
Code:
mschapv2: Wed Jan 21 11:22:33 2019
domain\username: testuser
username: testuser
challenge: X1:XX:XX:XX:XX:XX:XX:X8
response: Y1:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:Y4I build this hash from it:
Code:
testuser::::Y1YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY4:X1XXXXXXXXXXXXX8HashCat accept it. But it fail to find solution. (pswd should be easy to find, some CTF stuf...) So i start thinking that domain can play some role in it. I have also examples where domain is empty and HashCat find solution without problems ...