Module 5500 - different results for same hash (with or without client challenge part)
I guess this is just because you didn't test with the correct password candidate.

hashcat only tries the passwords that you tell it to run.
Maybe this specific hash is harder to crack and you need to use some rules (-r) or use a small mask attack (-a 3).

btw: the hash from the hostapd-wpe github project: i.e. formatted like this (masked with X)

password: bradtest

... cracks perfectly fine!

this also doesn't use any client challenge, but it still cracks perfectly fine.

You could also easily set up a test system and try to create and dump your own hashes, but I guess it's better to just keep cracking Wink

BTW: I think my answers above (I just noticed it now) could be a little bit confusing about when the domain is used within the algorithm... only -m 5600 (netntlmv2) uses the domain within the algorithm (while -m 5500 does not):

Messages In This Thread
RE: Module 5500 - different results for same hash (short vs full format) - by philsmd - 04-19-2019, 11:44 AM