Posts: 5
Threads: 2
Joined: May 2018
Hi
I have a Lotus User ID password which I need to crack open.
Have no idea of the version nor password length since it was used a long time ago in the office.
The problem is that my hashing results with "lotus2john.py" are nowhere close to the examples given on the page:
lotus2john.py user.id
user.id:6247FE2575XXXXXXXXEB73CF63EECEB719XXXXXXXXF2A202FE23A29BXXXXXX9BA06DBC792191XXXXXX86697B14D36F394C67XXXXXXXX668F
Hopefully someone can help.
Posts: 930
Threads: 4
Joined: Jan 2015
05-28-2018, 04:37 PM
(This post was last modified: 05-28-2018, 04:37 PM by royce.)
It's possible that hashcat's format is a little different in its conversion, but I'm not sure what the difference might be.
It's also possible that it's a slightly newer version or variant. Do you know what version of Lotus it is? If everything after the colon is a single, uninterrupted string of hex, then it's a 56-byte string, which is pretty close to -m 9100 (Lotus Notes/Domino 8).
Do you have access to the platform itself, such that you could hash a known plaintext (like 'hashcat') and post its unredacted hash for analysis?
~
Posts: 5
Threads: 2
Joined: May 2018
(05-28-2018, 04:37 PM)royce Wrote: If everything after the colon is a single, uninterrupted string of hex, then it's a 56-byte string, which is pretty close to -m 9100 (Lotus Notes/Domino 8).
Yes. No idea about the version of Lotus used.
(05-28-2018, 04:37 PM)royce Wrote: Do you have access to the platform itself, such that you could hash a known plaintext (like 'hashcat') and post its unredacted hash for analysis?
No access to the platform. I'm trying to access the files using a trial copy of Lotus Notes 8.5.
I've created a user ID with the password 'hashcat', and hashing using lotus2john gives me results with the same number of characters:
user.id:67CB83F48C62EF662656FF0945EAB77DD30017703384B627494DEAACFB6349C1AA71D16E3317EA6FCBF6E4C1F07F45EE3C8343081EE1DA2B
Hope it helps.
Posts: 930
Threads: 4
Joined: Jan 2015
Huh - if the trial copy produces hashes of the same type, then this may indeed simply be a new variant.
Please create an issue on hashcat's GitHub here:
https://github.com/hashcat/hashcat/issues/new
... and include the Lotus version, the plain, the produced hash, and more about your use of lotus2john - where you got it from, and the procedure that you followed to extract the hash.
~
Posts: 5
Threads: 2
Joined: May 2018
Will do. Thanks for your help, Royce.
Posts: 930
Threads: 4
Joined: Jan 2015
Not sure how much help I was ... but you're welcome, just the same.
~