Should I use deskey_to_ntlm on result?
Hello all,

So I've got NetNTLMv1 credentials and used to crack them because it would take TOO much time if I try to do it with my rig..

However, I'm a bit confused and want to confirm that my understanding is correct.. The end result of (what they call the key) is the actual NTLM hash right? If I have that hash, is it possible to confirm it using hashcat?

I think that it is the NTLM hash but just need a confirmation before I start trying to crack it.. The reason why I think that it is the NTLM hash is because the last four chars are identical to the PT3 segment I received from chapcrack..

P.S. why did I get confused in the first place? Because online cracking tools told me that the hash I have is 'unknown' type, and because the hash-identifier tool on The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) puts NTLM as one of least possible candidates for that hash
Or just test an attack on the hash using -m 5500 and see if it works.
(12-03-2019, 03:43 PM)slyexe Wrote:
Or just test an attack on the hash using -m 5500 and see if it works.

The hash is 32 characters and thus is not a -m 5500 hash.. I'll explain the steps I took using hashes from the example_hashes page to stick to the rules..

First, I got a challenge/response via WPA2 Enterprise attacking method.. 

Then, I submitted the hash to page and they replied (success) with what they called a "key".. The key is 32 chars length and ends with the four characters (e.x. 5a5a).. Those four characters were familiar to me because I saw them as PT3 when I used chapcrack.. 

Question 1: is key == final NTLM hash to be used for PTH?

Hope this clarifies it because it's already clear to me that "key" is not a NetNTLMv1 hash but it is not clear to me whether or not further steps should be taken to make this key usable. By further steps I mean something like this: