06-24-2018, 02:29 PM
Good day, everyone.
I try to crack NTLMv2 hash with the help of hashcat. My two virtual machines communictate with each other and authenticate with the help of NTLMv2. I use wireshark to catch all fields of NTLM authentication.
The main structure of the unit to crack looks like that:
Username:: Domain:Challenge:NTLMv2hash(aka HMAC-MD5):blob(entire NTLMv2 response except the HMAC that was in the preceding field)
So, in packets that i watch in WireShark, i can find almost all filed, except NTLMv2hash and the blob (two last field).
Could you please explain me, where to find them, or how should i do in this situation?
I try to crack NTLMv2 hash with the help of hashcat. My two virtual machines communictate with each other and authenticate with the help of NTLMv2. I use wireshark to catch all fields of NTLM authentication.
The main structure of the unit to crack looks like that:
Username:: Domain:Challenge:NTLMv2hash(aka HMAC-MD5):blob(entire NTLMv2 response except the HMAC that was in the preceding field)
So, in packets that i watch in WireShark, i can find almost all filed, except NTLMv2hash and the blob (two last field).
Could you please explain me, where to find them, or how should i do in this situation?