Status exhausted always, word in my dictionary, ntlmv2
#1
Hey guys,

I keep trying to crack my ntlmv2 hash

This is the command im usuing...
hashcat64.exe -m 5600 D:\Crack\hash2crack\kpeezy.txt D:\Crack\Wordlist\test1.txt -o D:\Crack\cracked.txt

I have actually put the matching password in my word list but the status always says exhausted.

(some other commands i have tried)
hashcat64.exe -a 3 -m 5600 -o D:\Crack\cracked.txt D:\Crack\hash2crack\kpeezy.txt D:\Crack\Wordlist\rockyou.txt

hashcat64.exe -m 5600 D:\Crack\hash2crack\kpeezy.txt D:\Crack\Wordlist\test1.txt -o D:\Crack\cracked.txt

hashcat64.exe -a 3 -m 5600 D:\Crack\hash2crack\kpeezy.txt ?l?l?l?l


I'm completely stuck, been searching the internet like a mad man and no luck. i apologize if this is a simple fix i could have found somewhere else.

Thanks alot,
Kyle

Here my output

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 980, 1024/4096 MB allocatable, 16MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable Optimizers:
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt

Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 75c

Cache-hit dictionary stats D:\Crack\Wordlist\test1.txt: 4 bytes, 1 words, 1 keyspace

The wordlist or mask you are using is too small.
Therefore, hashcat is unable to utilize the full parallelization power of your device(s).
The cracking speed will drop.
Workaround: https://hashcat.net/wiki/doku.php?id=fre...full_speed

INFO: approaching final keyspace, workload adjusted

Session..........: hashcat
Status...........: Exhausted
Hash.Type........: NetNTLMv2
Hash.Target......: xxxx::xxxx:xxxx:xxxx:xxxx
Time.Started.....: Fri Mar 24 17:21:52 2017 (0 secs)
Time.Estimated...: Fri Mar 24 17:21:52 2017 (0 secs)
Input.Base.......: File (D:\Crack\Wordlist\test1.txt)
Input.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....:        0 H/s (0.04ms)
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 1/1 (100.00%)
Candidates.#1....: star -> star
HWMon.Dev.#1.....: Temp: 34c Fan:  0% Util: 22% Core:1265MHz Mem:3004MHz Lanes:16

Started: Fri Mar 24 17:21:50 2017
Stopped: Fri Mar 24 17:21:53 2017
#2
Try again with example hash from hashcat wiki to make sure your installation is working.
#3
So i tried again with the hashcat example and had success. Must be something im doing. 

Also the hash i have from my windows is way longer than the hashcat example.Do you think I'm maybe getting a bad hash? I'm using the new BashBunny QuickCreds to get them but have also tried QuickCreds on the LanTurtle and got the same results.

Any ideas?

Thanks alot!
#4
I have no clue what BashBunny, QuickCreds or LanTurtle is. However, the length of the password with hashcat is limited, see here for details: https://hashcat.net/wiki/doku.php?id=fre...ord_length

You can also use the rejected counter in the status display. If it says 0, it's not rejected and was tested.
#5
sorry about that lol. Thank you for your help, just gonna keep messing with it.
#6
Hey kpeezy,

did you manage to find out the reason? I have the same problem, did this in a test lab environment.

The hashcat-machine works, as the example key is cracked seamlessly. My hash is also identical to the example hash regarding the structure, but the char-lenght of the last string is 460 chars which differs from the 106 char-lenght in the example hash.

Fetched the hash with lastest responder by lgandx. Logs states that the hash is a smbv2/NTMLv2-SSP hash.

Loaded in john 1.8.0.6-jumbo1 and it identifies as netntmv2, NTMLv2 Challenge/Response (MD4 HMAC-MD5 32/64). Still also unable to crack it even with correct pw in wordlist.

I wonder if the -SSP extension is uncrackable right now? Or is there any way to "compress" my 460 char string to the 106 char string which would be like the example?

--EDIT: nvm my post, fetched some more hashes. Don't know what happened to the first ones, but the latest ones we're cracked in a blink of an eye.
#7
Bug 
Hey Hydra,

Dude i have not been able to figure out whats going on. I had asked a buddy about this stuff who is pretty good, he couldn't even crack the hash. He told me it must be a bad hash somehow someway. I did the same thing as you, the example hash cracks just fine. I got lucky with one that successfully cracked but i honestly couldn't tell the difference between that hash and another, not sure why some do not work, even on jack the ripper.

Im using a bashbunny to get the hashses and am wondering if there is something wrong with the way they are grabbing them? not sure yet though. Still waiting for someone to reply on another forum about that to see if someone else is getting the same problem.

But if in the mean time if i find anything ill be sure to let you know.