Should I use deskey_to_ntlm on crack.sh result?
#1
Hello all,

So I've got NetNTLMv1 credentials and used crack.sh to crack them because it would take TOO much time if I try to do it with my rig..

However, I'm a bit confused and want to confirm that my understanding is correct.. The end result of crack.sh (what they call the key) is the actual NTLM hash right? If I have that hash, is it possible to confirm it using hashcat?

I think that it is the NTLM hash but just need a confirmation before I start trying to crack it.. The reason why I think that it is the NTLM hash is because the last four chars are identical to the PT3 segment I received from chapcrack..


P.S. why did I get confused in the first place? Because online cracking tools told me that the hash I have is 'unknown' type, and because the hash-identifier tool on The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) puts NTLM as one of least possible candidates for that hash
Reply
#2
https://hashcat.net/wiki/doku.php?id=example_hashes
Or just test an attack on the hash using -m 5500 and see if it works.
Reply
#3
(12-03-2019, 03:43 PM)slyexe Wrote: https://hashcat.net/wiki/doku.php?id=example_hashes
Or just test an attack on the hash using -m 5500 and see if it works.

The hash is 32 characters and thus is not a -m 5500 hash.. I'll explain the steps I took using hashes from the example_hashes page to stick to the rules..

First, I got a challenge/response via WPA2 Enterprise attacking method.. 

Then, I submitted the hash to crack.sh page and they replied (success) with what they called a "key".. The key is 32 chars length and ends with the four characters (e.x. 5a5a).. Those four characters were familiar to me because I saw them as PT3 when I used chapcrack.. 

Question 1: is key == final NTLM hash to be used for PTH?

Hope this clarifies it because it's already clear to me that crack.sh "key" is not a NetNTLMv1 hash but it is not clear to me whether or not further steps should be taken to make this key usable. By further steps I mean something like this: https://github.com/hashcat/hashcat-utils...to_ntlm.pl
Reply