Help understanding NetNTLMv2
#1
So just trying to grok how hashcat does the cracking around the NetNTLMv2  hash and could use some help getting straightened out.

What parts of a captured NetNTLMv2 hash are necessary for hashcat to work correctly?

I was reading up on the algorithm and it seems like everything captured is required; username, domain, and the challenge. I'm guessing then that hashcat takes the working pw candidate, ntlm hashes it, and builds out the full NetNTLMv2 hash for comparison based on the other fields.

Can any of the fields be sanitized without breaking the process, like perhaps hashcat is pulling data out of the blob?

The code is a bit over my head, so a breakdown would be appreciated. Smile


Thanks!
Reply
#2
Best way to explain: https://github.com/hashcat/hashcat/blob/...l#L46-L107
Reply