NTLM Hash issues
#1
Hi Guys, 

Just a quick one, I can't seem to work it out.

I capture the NTLM hash fine, but when I go to process it in Hashcat, with the known account credentials in the password file, or a weak password that I know and brute force it, I never get the calculated plaintext.

The hash is seen as correct, and viable within Hashcat, but it's not valid.

This is the example NTLMV2 from Hashcat, which works fine:

admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030   (Processes to "hashcat")

This is my capture with some details adjusted so that it remains private:

REDACTED$::REDACTED:1122334455667788:REDACTEDFB7CBC971F7DEE1FREDACTED:0101000$

So why is this happening? The only thing I could think is that it's on a domain, it's a lot shorter, and the server challenge is spoofed, but Hashcat starts calculating it. (I've been given permission to do this, so don't worry)
 
Thanks in advance.
#2
how are you running hashcat? What switches are you using? Any outputs you can share?