lm hash
#1
i get a 20 hash off lm.

i try to crack them with a hashcat all the char A-Z,a-z0-9 and ?s but the hashcat success to crack only 6 password?

how it can be? this is a lm!!
#2
(07-05-2015, 10:54 AM)bobva Wrote: i get a 20 hash off lm.

i try to crack them with a hashcat all the char A-Z,a-z0-9 and ?s but the hashcat success to crack only 6 password?

how it can be? this is a lm!!
First, you don't need a-z, just A-Z but it's possible that hashcat ignore it anyway (just don't assume it). Second, I doubt that you went up to 7 characters long on CPU. Third, post your command line so that we can make sure everything is o.k.
#3
(07-05-2015, 05:16 PM)mastercracker Wrote:
(07-05-2015, 10:54 AM)bobva Wrote: i get a 20 hash off lm.

i try to crack them with a hashcat all the char A-Z,a-z0-9 and ?s but the hashcat success to crack only 6 password?

how it can be? this is a lm!!
First, you don't need a-z, just A-Z but it's possible that hashcat ignore it anyway (just don't assume it). Second, I doubt that you went up to 7 characters long on CPU. Third, post your command line so that we can make sure everything is o.k.

cudahashcat64.exe -3 a c:\lm-hash.txt ?a -m 3000
cudahashcat64.exe -3 a c:\lm-hash.txt ?a?a -m 3000
cudahashcat64.exe -3 a c:\lm-hash.txt ?a?a?a -m 3000
cudahashcat64.exe -3 a c:\lm-hash.txt ?a?a?a?a -m 3000
cudahashcat64.exe -3 a c:\lm-hash.txt ?a?a?a?a?a -m 3000
cudahashcat64.exe -3 a c:\lm-hash.txt ?a?a?a?a?a?a -m 3000
cudahashcat64.exe -3 a c:\lm-hash.txt ?a?a?a?a?a?a?a -m 3000
#4
If those are the actual commands you ran, then that would be your problem. "-3 a" defines custom charset 3 as the letter "a", perhaps you meant "-a 3"? You also do not need seven different commands. At the very least you'd use an hcmask file, but in this case you can simply just use increment mode.

Code:
cudaHashcat64 -a 3 -i -m 3000 lm-hash.txt ?a?a?a?a?a?a?a
#5
(07-06-2015, 08:57 AM)epixoip Wrote: If those are the actual commands you ran, then that would be your problem. "-3 a" defines custom charset 3 as the letter "a", perhaps you meant "-a 3"? You also do not need seven different commands. At the very least you'd use an hcmask file, but in this case you can simply just use increment mode.

Code:
cudaHashcat64 -a 3 -i -m 3000 lm-hash.txt ?a?a?a?a?a?a?a

the command is -a 3 not 3 -a..
and i dont found all the password...
#6
Are you sure? Because you just wrote "-3 a" in your post above. The fact that you ran seven different commands doesn't inspire much confidence.

Anyway, let's assume you did run the correct attack. There are several possibilities for why you only cracked three hashes:

- Rest of the passwords all contain characters outside of 0x20-0x7e
- The rest of the LM hashes were blank & were removed by the "weak hash" check (other accounts only had NTLM hashes)
- Hashes were corrupted (https://media.blackhat.com/bh-us-12/Brie...ash_WP.pdf)
#7
Nice paper about the corrupted hashes. This explains a lot of weird things that I was seeing in other's dumps.
#8
Yeah, I think most tools have fixed this by now, but if you're using older copies of the tools or a tool which hasn't yet addressed this problem, then it certainly is a major issue.