hashcat Forum Support hashcat v
Lotus Note User ID Hashing

Thread Closed 
Threaded Mode
Lotus Note User ID Hashing
thedorkknight Offline
Junior Member
**
Posts: 5
Threads: 2
Joined: May 2018
#1
05-28-2018, 11:15 AM
Hi

I have a Lotus User ID password in which I need to crack open.

Have no idea of the version nor password length since it was used a long time ago in the office.

The problem is my hashing results with "lotus2john.py" is nowhere close to the examples given in the page:

lotus2john.py user.id

user.id:6247FE2575XXXXXXXXEB73CF63EECEB719XXXXXXXXF2A202FE23A29BXXXXXX9BA06DBC792191XXXXXX86697B14D36F394C67XXXXXXXX668F

Hopefully someone can help.
Find
royce Offline
Moderator à la mode
******
Posts: 930
Threads: 4
Joined: Jan 2015
#2
05-28-2018, 04:37 PM (This post was last modified: 05-28-2018, 04:37 PM by royce.)
It's possible that hashcat's format is a little different in its conversion, but I'm not sure what the difference might be.

It's also possible that it's a slightly newer version or variant. Do you know what version of Lotus it is? If everything after the colon is a single, uninterrupted string of hex, then it's a 56-byte string, which is pretty close to -m 9100 (Lotus Notes/Domino 8).

Do you have access to the platform itself, such that you could hash a known plaintext (like 'hashcat') and post its unredacted hash for analysis?
~
Find
thedorkknight Offline
Junior Member
**
Posts: 5
Threads: 2
Joined: May 2018
#3
05-30-2018, 04:47 AM
(05-28-2018, 04:37 PM)royce Wrote: If everything after the colon is a single, uninterrupted string of hex, then it's a 56-byte string, which is pretty close to -m 9100 (Lotus Notes/Domino 8). 
Yes. No idea about the version of Lotus used.

(05-28-2018, 04:37 PM)royce Wrote: Do you have access to the platform itself, such that you could hash a known plaintext (like 'hashcat') and post its unredacted hash for analysis?
No access to the platform, I'm trying to access the files using a trial copy of Lotus Notes 8.5.

I've created a user ID with the password 'hashcat', and hashing using lotus2john give me the results with the same number of characters:

user.id:67CB83F48C62EF662656FF0945EAB77DD30017703384B627494DEAACFB6349C1AA71D16E3317EA6FCBF6E4C1F07F45EE3C8343081EE1DA2B

Hope it helps.
Find
royce Offline
Moderator à la mode
******
Posts: 930
Threads: 4
Joined: Jan 2015
#4
05-30-2018, 05:40 AM
Huh - if the trial copy produces hashes of the same type, then this may indeed simply be a new variant.

Please create an issue on hashcat's GitHub here:

https://github.com/hashcat/hashcat/issues/new

... and include the Lotus version, the plain, the produced hash, and more about your use of lotus2john - where you got it from, and the procedure that you followed to extract the hash.
~
Find
thedorkknight Offline
Junior Member
**
Posts: 5
Threads: 2
Joined: May 2018
#5
05-30-2018, 06:38 AM
Will do. Thanks for your help, Royce.
Find
royce Offline
Moderator à la mode
******
Posts: 930
Threads: 4
Joined: Jan 2015
#6
05-30-2018, 06:53 AM
Not sure how much help I was ... but you're welcome, just the same. Big Grin
~
Find
Thread Closed