Hashes from hostapd-wpe - MSCHAPv2 - Challenge and Response
#1
Hello everyone!

Could you please help me to crack MSchapv2 captured using hostapd-wpe ?

#Test hash#

mschapv2: Tue Nov 21 14:48:49 2017
username: marcelo
challenge: a1:xx:xx:b5:6a:xx:xx:cb
response: aa:32:4x:xx:x0:ce:25:d9:7x:xx:x1:d9:6a:f5:80:14:ex:xx:xf:01:6f:xx:xx:8f
jtr NETNTLM: marcelo:$NETNTLM$a1xxxxb56axxxxcb$aa324xxxx0ce25d97xxxx1d96af58014exxxxf016fxxxx8f mschapv2: Tue Nov 21 14:49:16 2017


Hi guys does anyone know how to crack mschapv2? I've tried using -m 5500, but my hash (string) is not compatible, it seems I'm missing a 3rd part of it. I basically have challenge and response.

The closest I got was to this threat https://hashcat.net/forum/archive/index....-2563.html, but still did not find how to convert my hash to hash cat format. 

They say execute the command below, but where should I pass my string (challenge and response)?

perl -ne '/(.*?):\$.*?\$(.*?)\$(.*)/; print "$1::::$3:$2\n";'

Thanks everyone.
Reply
#2
echo 'marcelo:$NETNTLM$a1xxxxb56axxxxcb$aa324xxxx0ce25d97xxxx1d96af58014exxxxf016fxxxx8f' | perl -ne '/(.*?):\$.*?\$(.*?)\$(.*)/; print "$1::::$3:$2\n";'


marcelo::::aa324xxxx0ce25d97xxxx1d96af58014exxxxf016fxxxx8f:a1xxxxb56axxxxcb


hashcat64.exe -m 5500 -a 0 marcelo::::aa324xxxx0ce25d97xxxx1d96af58014exxxxf016fxxxx8f:a1xxxxb56axxxxcb example.dict
Reply
#3
Thank you so much. Worked fine.

edit by philsmd:
stop posting hashes. It is against the forum rules. do not use 2 accounts to post
Reply
#4
(11-23-2017, 02:24 AM)alexpache Wrote: Thank you so much. Worked fine.

edit by philsmd:
stop posting hashes. It is against the forum rules. do not use 2 accounts to post

Only reason I replied with those hashes is the plaintext was in example.dict and was aa[redacted]aa, came back in 30 seconds so I believe it was a test hash like what was in the example hashes
Reply