03-28-2016, 01:17 PM
Hello.
I used this very good tool for testing security threads on solutions for our customer. About week later i try do penetration test for MS VPN (NetNTLMv2).
I setup scenario with "MIDM" and catch challenge and response for autentification with Wireshark. Now, real challenge start with right assemble this information to format acceptable by Hashcat .
I not realize this before, it seems, that i am do something wrong, but i am not able find this mistake.
So. situation is below:
I run script "crack_vpn.sh" (for easy edit and place comments for my colleagues)
test_enc.txt (maybe in this format i do mistake, for security reason i not place some information)
I am not sure with 1122334455667788. How can i check it from Wireshark?
Hashcat result:
My colleague do connect and i am sure, that he set his password for only 6 digit (1 milion possibilities). Hashcat accept format of this input file, but not calculate password .
Hash should be OK, i try do this capture in our customer and hashes looks similar.
Many thanks for any effort.
I used this very good tool for testing security threads on solutions for our customer. About week later i try do penetration test for MS VPN (NetNTLMv2).
I setup scenario with "MIDM" and catch challenge and response for autentification with Wireshark. Now, real challenge start with right assemble this information to format acceptable by Hashcat .
I not realize this before, it seems, that i am do something wrong, but i am not able find this mistake.
So. situation is below:
I run script "crack_vpn.sh" (for easy edit and place comments for my colleagues)
Code:
./hashcat-cli64.bin -a 3 -m 5600 /home/shared/hashcat/INPUT/test_enc.txt ?d?d?d?d?d?d -o /home/shared/hashcat/OUTPUT/test_dec.txt
test_enc.txt (maybe in this format i do mistake, for security reason i not place some information)
Code:
<user_name>:<domain>:<name_of_user's_pc>:1122334455667788:2ad388f256aae4a7fa63132247f3c111:cc1d54076bd8346bb46fc7bbf546902700000000000000004647457df074a6c266586afac7eeba645ffe4037ce38205a00
I am not sure with 1122334455667788. How can i check it from Wireshark?
Hashcat result:
Code:
XXX@LinuxUbuntu hashcat$ ./crack_vpn.sh
Initializing hashcat v2.00 with 4 threads and 32mb segment-size...
Added hashes from file /home/shared/hashcat/INPUT/test_enc.txt: 1 (1 salts)
Activating quick-digest mode for single-hash with salt
[s]tatus [p]ause [r]esume [b]ypass [q]uit =>
Input.Mode: Mask (?d?d?d?d?d?d) [6]
Index.....: 0/1 (segment), 1000000 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: 3.40M plains, 3.40M words
Progress..: 1000000/1000000 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Started: Mon Mar 28 12:54:48 2016
Stopped: Mon Mar 28 12:54:49 2016
My colleague do connect and i am sure, that he set his password for only 6 digit (1 milion possibilities). Hashcat accept format of this input file, but not calculate password .
Hash should be OK, i try do this capture in our customer and hashes looks similar.
Many thanks for any effort.