How do I crack cryptic NTLM hashes?
#1
Hey, I have an issue. Because I am currently too lazy to write it again, I'll just copy and paste the issue from the Hak5 Discord.

Hey, we have 2 NTLM password hashes left from our yearly testing at the company. I wasn't able to get them with rainbow tables, because they are probably 12 digits or more and cryptic. So approximately something like 20 digits with -'s, #'s and numbers as well as capitalized and small letters. So really cryptic. What would you try to crack these? The guy already won (usually whoever's password lasts the longest wins something) but I still wanna get him. So what would you try first? I have a 220GB SSD or a 2TB hard drive free for the lists/rainbow tables. Until now I tried OPHCrack with some standard rainbow tables and also some "professional" ones (from the OPHCrack devs themselves).

So, how would you try to crack them? I already tried it with hashcat, but the wordlists I used found nothing.
#2
If the password is really "random", like from a pw generator, there seems to be no attack vector which will be (likely) successful other than bruteforcing / mask attack.

BUT without really knowing how long the password is (12, 16, 18 and so on) you will maybe be cracking longer than your, my or the lifetime of our universe (at least today).
#3
(03-06-2021, 01:11 PM)Snoopy Wrote: If the password is really "random", like from a pw generator, there seems to be no attack vector which will be (likely) successful other than bruteforcing / mask attack.

BUT without really knowing how long the password is (12, 16, 18 and so on) you will maybe be cracking longer than your, my or the lifetime of our universe (at least today).

I know that it's hard, but what gives me hope is that I cracked one of the other passwords which were kinda cryptic (with OPHCrack rainbow tables xD).

So, what would you try? I know the password he used last year. It was probably generated.
#4
(03-06-2021, 01:54 PM)CreepyLP Wrote: So, what would you try? I know the password he used last year. It was probably generated.

Get the length of this password; if this password was cracked, then he maybe added some more chars for his new one.
Take a look at his old password, some pw generators can have some special "anti-ambiguous" rules like no "i l o 0" and so on (YES/NO)?
Use a pw generator to generate candidates > list + some rules and well, good luck.

OR

Don't know whether this is possible anymore; on older Windows versions it was possible to reactivate the generation of the LM hash for compatibility reasons. With this really weak hash you could get the first 14 chars of his password really fast, but I think this would be no good idea on a company network.
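A quick keyspace estimate, added here as an example (not code from the thread), that puts Snoopy's "lifetime of the universe" remark in #2 and the "anti-ambiguous" rule in #4 into numbers. The hash rate, the symbol set and the excluded look-alike characters are assumptions, not facts from the thread.

```python
# Added example (not code from the thread): how large is the search space for a
# random password like the one described, and how long would a brute-force /
# mask attack need on average?  Every constant below is an illustrative assumption.
from typing import Dict

LOWER = "abcdefghijklmnopqrstuvwxyz"
UPPER = LOWER.upper()
DIGITS = "0123456789"
SPECIAL = "-#"                      # the symbols CreepyLP mentioned
AMBIGUOUS = set("ilo0O1")           # a typical "anti-ambiguous" exclusion (assumed)

SECONDS_PER_YEAR = 365.25 * 24 * 3600
AGE_OF_UNIVERSE_YEARS = 13.8e9
ASSUMED_NTLM_RATE = 1e11            # hashes/s: order of magnitude of one fast GPU (assumed)


def charset(exclude_ambiguous: bool = False) -> str:
    """Alphabet a generator draws from, optionally minus look-alike characters."""
    chars = LOWER + UPPER + DIGITS + SPECIAL
    if exclude_ambiguous:
        chars = "".join(c for c in chars if c not in AMBIGUOUS)
    return chars


def keyspace(alphabet_size: int, min_len: int, max_len: int) -> int:
    """Candidates for every length in [min_len, max_len]: the work of a mask attack."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def expected_years(space: int, rate: float = ASSUMED_NTLM_RATE) -> float:
    """Average time to hit a uniformly random password: half the keyspace."""
    return space / 2 / rate / SECONDS_PER_YEAR


def estimate(length: int, exclude_ambiguous: bool = False,
             rate: float = ASSUMED_NTLM_RATE) -> Dict[str, float]:
    """Summarise an exact-length guess for a password of `length` characters."""
    size = len(charset(exclude_ambiguous))
    space = keyspace(size, length, length)
    years = expected_years(space, rate)
    return {"alphabet": size, "keyspace": space, "years": years,
            "universe_lifetimes": years / AGE_OF_UNIVERSE_YEARS}


if __name__ == "__main__":
    for n in (8, 12, 16, 20):
        for amb in (False, True):
            e = estimate(n, amb)
            print(f"len {n:2d} alphabet {e['alphabet']:2d} -> {e['years']:.3g} years "
                  f"({e['universe_lifetimes']:.3g} universe lifetimes)")
```

Dropping six look-alike characters shrinks a 20-character keyspace roughly sevenfold, which is a footnote next to the factor of about 64 that every extra character adds; length is what dominates.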
#5
(03-07-2021, 12:15 AM)Snoopy Wrote:
(03-06-2021, 01:54 PM)CreepyLP Wrote: So, what would you try? I know the password he used last year. It was probably generated.

Get the length of this password; if this password was cracked, then he maybe added some more chars for his new one.
Take a look at his old password, some pw generators can have some special "anti-ambiguous" rules like no "i l o 0" and so on (YES/NO)?
Use a pw generator to generate candidates > list + some rules and well, good luck.

OR

Don't know whether this is possible anymore; on older Windows versions it was possible to reactivate the generation of the LM hash for compatibility reasons. With this really weak hash you could get the first 14 chars of his password really fast, but I think this would be no good idea on a company network.

Oh, this really IS helpful! I mean, it is Windows 7, so maybe that will work.
#6
So, I researched that a bit, and it seems like that won't be possible. BUT, as I know he typed in that password every day, and kinda fast I would think, maybe it is shorter. We will see. Currently downloading some really massive word lists.