[HELP] What's the input format of NTLM when using hashcat-plus?
#1
Hello all, I know my question is stupid but I really want to know what's the format of NTLM when using hashcat-plus to crack? I usually use JTR to crack NTLM with a format like this (Administrator:500:XXXXXXXXXXXXXXXXe08f82d6d2a3d8a6:XXXXXXXXXXXXXXXX6bc90ee0d60c6adf:::), but it does not run in hashcat.
Please help me.


Thanks
#2
Well, you should know how pwdump format works.
Code:
User:UID:LM:NTLM
#3
(02-06-2013, 03:32 PM)Kuci Wrote: Well, you should know how pwdump format works.
Code:
User:UID:LM:NTLM

So, if I crack a Windows password, I just need to crack this string (XXXXXXXXXXXXXXXX6bc90ee0d60c6adf) with the NTLM algorithm?

Thanks!
#4
Well, I see, LM is enabled. In aspect of time it's more advantageous to crack LM than NTLM, because LM is limited to 14 characters, it's made of two hashes with max. length of 7 characters. So, you can split your LM into two hashes in half.
Code:
XXXXXXXXXXXXXXXX
e08f82d6d2a3d8a6
Remember, both are long up to 7 characters, so if password is 14 characters long and you would try to bruteforce these hashes with small letters and numbers, there are 36^7 of combinations and you can crack both in one row. If you would use NTLM and your password would be 14 characters long, there are 36^14 combinations with same mask.
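The pwdump layout and the LM split described in the posts above, as an added example that is not part of the original thread: a Python audit that parses `User:UID:LM:NTLM` lines and flags accounts that still store an LM hash. The sample lines and the names `parse_pwdump` and `audit` are constructed for illustration; the two constants are the well-known LM half and NT hash of an empty password.

```python
import re
from typing import NamedTuple, Optional, Tuple

# Well-known constants: the LM half and NT hash of an empty password.
EMPTY_LM_HALF = "aad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"[0-9a-f]{32}")

class Entry(NamedTuple):
    user: str
    uid: int
    lm_halves: Optional[Tuple[str, str]]  # None when no LM hash is stored
    nt: str

def parse_pwdump(line: str) -> Entry:
    """Parse one User:UID:LM:NTLM::: line; raise ValueError if malformed."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError("expected User:UID:LM:NTLM")
    user, uid, lm, nt = fields[0], fields[1], fields[2].lower(), fields[3].lower()
    if not uid.isdigit():
        raise ValueError("UID is not numeric")
    if not HEX32.fullmatch(nt):
        raise ValueError("NTLM field is not 32 hex characters")
    # The LM field is two independent 16-hex halves, one per 7-character block.
    stored = HEX32.fullmatch(lm) and lm != EMPTY_LM_HALF * 2
    return Entry(user, int(uid), (lm[:16], lm[16:]) if stored else None, nt)

def audit(lines):
    """Return (user, finding) pairs for accounts a defender should fix."""
    findings = []
    for line in lines:
        e = parse_pwdump(line)
        if e.nt == EMPTY_NT:
            findings.append((e.user, "blank password"))
        elif e.lm_halves:
            short = e.lm_halves[1] == EMPTY_LM_HALF  # second block unused
            findings.append((e.user, "LM stored, password <= 7 chars" if short else "LM stored"))
    return findings

# Constructed sample lines (hash values are made up, not real credentials).
SAMPLE = [
    "alice:1001:0123456789abcdeffedcba9876543210:00112233445566778899aabbccddeeff:::",
    "bob:1002:0123456789abcdefaad3b435b51404ee:ffeeddccbbaa99887766554433221100:::",
    "carol:1003:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::",
    "guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::",
]

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```

A line with masked characters, such as the one in the first post, is rejected by `parse_pwdump` because `X` is not a hex digit.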
#5
LM has no lower-case letters. All letters are converted to uppercase. LM has a total keyspace of 69^7.
#6
Oh, I forgot, but lowercase chars are converted to uppercase.
#7
But not with hashcat they're not. You need to manually do all the uppercase conversions with hashcat.
#8
Well, this is in oclHashcat-plus forum, so the oclHashcat-plus is meant. But good to know.
#9
I'm using the word 'hashcat' to refer to any hashcat product.
#10
Sorry all, I was busy for a few days. First I want to say "THANKS" to all of you. I have some questions about this problem.

(02-07-2013, 07:55 AM)Kuci Wrote: Well, I see, LM is enabled. In aspect of time it's more advantageous to crack LM than NTLM, because LM is limited to 14 characters, it's made of two hashes with max. length of 7 characters. So, you can split your LM into two hashes in half.
Code:
XXXXXXXXXXXXXXXX
e08f82d6d2a3d8a6
Remember, both are long up to 7 characters, so if password is 14 characters long and you would try to bruteforce these hashes with small letters and numbers, there are 36^7 of combinations and you can crack both in one row. If you would use NTLM and your password would be 14 characters long, there are 36^14 combinations with same mask.
I did like you said (you can split your LM into two hashes in half), but it does not run. If I'm not mistaken, it alerts "wrong format" when I split the LM hash.

Thanks