LM & NTLMv1 + challenge
#1
Hi!
I'm experimenting with some old SMB test captures. I have LANMAN (LM) and NTLM hashes too, with challenge. Back in the day, Cain could attack LANMAN hashes, and then attack the NTLM using the known UPPERCASE pass.

How can I do it with Hashcat?

I can use -m 5500, (NetNTLMv1 / NetNTLMv1+ESS) but just for the NTLM part. How can Hashcat recover the LM part (7 UPPER chars+1...7 UPPER chars) ?

Sample capture:
Code:
::USER:0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF:0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF:0123456789ABCDEF

I also tried other modes, like -m 3000, but no luck. Formatting the capture to a Hashcat compatible way was a task too.
By the way, John can perform this attack out of the box....

Thank you!
#2
yeah, split the lm from the ntlm part. i think the reason why there is no such combined attack in hashcat is that lm has been obsolete for a very long time and hashcat is very specialized

afterwards i would take the 7 part output and use a simple combine (combine the output with itself as the input) + rule attack (be sure there are standard rules like toggle word combined with toggle first char, as most passes will probably start with an uppercase)

i also made a simple python script which outputs every combination upper, lower, but mostly i don't need this script

you can also attack each lm on its own, this way you could see the two 7 char parts which belong to each other, or you have to take a look yourself after cracking all parts
#3
Attacking the LM Challenge Response in NetNTLMv1 is fairly uncommon and thus not implemented in hashcat. I've recently gone back and did a PoC for this exact attack but I've not pushed it to master yet. Seeing that there are others doing this too, I guess I'll have to finish it up and add it as a separate mode.
#4
Wow! Thank you for the fast reply, with good news! A LM challenge-response mode would be very nice.
I can help with testing if needed!
 
(12-19-2022, 06:57 PM)Chick3nman Wrote: Attacking the LM Challenge Response in NetNTLMv1 is fairly uncommon and thus not implemented in hashcat. I've recently gone back and did a PoC for this exact attack but I've not pushed it to master yet. Seeing that there are others doing this too, I guess I'll have to finish it up and add it as a separate mode.
#5
(12-19-2022, 06:57 PM)Chick3nman Wrote: Attacking the LM Challenge Response in NetNTLMv1 is fairly uncommon and thus not implemented in hashcat. I've recently gone back and did a PoC for this exact attack but I've not pushed it to master yet. Seeing that there are others doing this too, I guess I'll have to finish it up and add it as a separate mode.

Do You happen to have any update on this? :)
#6
(01-24-2023, 11:29 AM)jason81 Wrote:
(12-19-2022, 06:57 PM)Chick3nman Wrote: Attacking the LM Challenge Response in NetNTLMv1 is fairly uncommon and thus not implemented in hashcat. I've recently gone back and did a PoC for this exact attack but I've not pushed it to master yet. Seeing that there are others doing this too, I guess I'll have to finish it up and add it as a separate mode.

Do You happen to have any update on this? :)

It's not currently released, apologies. I try to only release things in a relatively polished state so I've got quite the backlog of half finished stuff. This is also a little further complicated by the ESS/SSP hashes that do not contain a valid LM challenge response. I've not yet decided how to handle those hashes and if I should trust the user to know better or if I should try and parse the hash to reject them in the module parser.
#7
(12-19-2022, 06:57 PM)Chick3nman Wrote: It's not currently released, apologies. I try to only release things in a relatively polished state so I've got quite the backlog of half finished stuff. This is also a little further complicated by the ESS/SSP hashes that do not contain a valid LM challenge response. I've not yet decided how to handle those hashes and if I should trust the user to know better or if I should try and parse the hash to reject them in the module parser.

Hi!
If there is no valid response, it may simply indicate a wrong password. I think we can filter it out, as with the NTLM version. Even John can not tell, and tries to attack such a hash with no success. Hope that helps a bit. :) Tell me if I can help you with testing!
#8
(12-19-2022, 06:57 PM)Chick3nman Wrote: It's not currently released, apologies. I try to only release things in a relatively polished state so I've got quite the backlog of half finished stuff. This is also a little further complicated by the ESS/SSP hashes that do not contain a valid LM challenge response. I've not yet decided how to handle those hashes and if I should trust the user to know better or if I should try and parse the hash to reject them in the module parser.

Do You have any news about development? :)
#9
This isn't high on my priorities, sorry. It's become very economical to reverse the NTLMv1 to the NT hash, there's little use case for this. It's mostly just novel.
#10
hi i am not sure if i am understanding an issue i am facing. I am thinking what you are talking about here relates to it.

i am trying to reverse an NTLMv1 to NTLM, using the --lm flag with responder.
but the hash i get after completing the downgrade does not give me any of the expected parameters, the format of the hash itself is different to what crack.sh's examples show.

what the examples show:
username::hostname:response:response:challenge


what my hash looks like:
username::hostname:challenge:response:response

the second response i get is 2.5 times larger than the first response, i.e:

user::host::1122334455667788:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY


hashcat also identifies it as an ntlmv2 hash when in autodetect mode, strangely - if i don't downgrade and get the NTLMv2 hash, these are both vastly different, with the NTLMv2 looking like an NTLMv2 should (a lot longer). So I'm not sure if there has been some patching applied where it spits out some garbage instead, or if this is a different type of NTLMv1 hash variation? None of the ntlm reversing tools are successful, even if i rearrange the challenge to be at the end instead of the start.

Any help in understanding where i am at, and why the hash structure is different/whether anything can be done about it, would be greatly appreciated :)
Thank you
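Two questions in this thread come down to reading the field structure of a captured line: post #6 notes that ESS/SSP lines carry no real LM challenge-response, and post #10 asks why a line with a 16-hex field followed by a 32-hex and a much longer field is treated as NTLMv2. The script below is an added example, not code from hashcat or from anyone in the thread. It classifies a line as NetNTLMv1, NetNTLMv1+ESS (LM field is an 8-byte client nonce followed by 16 zero bytes, so there is nothing LM-shaped to recover) or NetNTLMv2 (server challenge, NTProofStr, variable-length blob), looking only at the last three colon-separated fields so a stray empty field such as the double colon in the line above does not change the result. The sample lines are constructed filler with the right field lengths, not real captures.

```python
import re
from dataclasses import dataclass

HEX = re.compile(r"[0-9a-fA-F]*")


@dataclass
class Classification:
    kind: str              # "NetNTLMv1", "NetNTLMv1+ESS", "NetNTLMv2" or "unknown"
    has_lm_response: bool  # True only when the line carries a genuine LM challenge-response
    note: str


def classify_netntlm_line(line: str) -> Classification:
    """Classify one captured NetNTLM line by the lengths of its last three fields."""
    fields = line.strip().split(":")
    if len(fields) < 5:
        return Classification("unknown", False, "fewer than 5 colon-separated fields")
    a, b, c = fields[-3], fields[-2], fields[-1]
    if not all(HEX.fullmatch(x) and len(x) % 2 == 0 for x in (a, b, c)):
        return Classification("unknown", False, "trailing fields are not even-length hex")
    lens = (len(a), len(b), len(c))
    if lens == (48, 48, 16):
        # NetNTLMv1 layout: LM response (24 bytes), NT response (24 bytes), server challenge (8 bytes)
        if a[16:] == "0" * 32:
            # Extended Session Security: 8-byte client nonce zero-padded to 24 bytes in the LM slot
            return Classification("NetNTLMv1+ESS", False,
                                  "LM field is a client nonce plus 16 zero bytes, not an LM response")
        return Classification("NetNTLMv1", True, "LM and NT responses both present")
    if lens[0] == 16 and lens[1] == 32 and lens[2] > 32:
        # NetNTLMv2 layout: server challenge (8 bytes), NTProofStr (16 bytes), then a long blob
        return Classification("NetNTLMv2", False,
                              "server challenge, NTProofStr and blob; no LM response exists")
    return Classification("unknown", False, f"unexpected field lengths {lens}")


# Constructed sample lines (not real captures): the hex bodies are repeated filler
# chosen only to give each field the length the format prescribes.
SAMPLES = {
    "v1":  "alice::WORKSTATION:" + "1a" * 24 + ":" + "2b" * 24 + ":" + "3c" * 8,
    "ess": "alice::WORKSTATION:" + "4d" * 8 + "00" * 16 + ":" + "2b" * 24 + ":" + "3c" * 8,
    # NTLMv2-shaped line including the empty fourth field described in the thread
    "v2":  "alice::WORKSTATION::" + "3c" * 8 + ":" + "5e" * 16 + ":" + "6f" * 40,
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        result = classify_netntlm_line(sample)
        print(f"{name}: {result.kind} (LM response: {result.has_lm_response}) - {result.note}")
```

Run on the line quoted in the previous post, the classifier reports NetNTLMv2: a 16-hex field followed by a 32-hex field and a much longer one is the NTLMv2 structure, which is also why hashcat's autodetect labels it that way. The `has_lm_response` flag is the kind of check post #6 discusses for a module parser: it lets a tool reject ESS lines up front instead of spending time on a field that was never an LM response.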