Question: How to generate the value to feed the Hashcat NTLMv2 hash cracker

Question

Question: How to generate the value to feed the Hashcat NTLMv2 hash cracker

Closed this issue 7 years ago · 4 comments

++++++++++++here is an example of what I got:++++++++++++++
username: username
challenge: ch:5e:fz:c0:0z:a0:zc:0z
response: re:3a:c3:dz:z4:40:zz:e8:z0:zf:z4:zz:3f:az:04:z0:zc:z3:zz:0f:zz:e4:8z:c5
jtr NETNTLM: username$NETNTLM$ch5efzc00za0zc0z$re3ac3dzz440zze8z0zfz4zz3faz04z0zcz3zz0fzze48zc5

++++++++++++what hashcat needs:++++++++++++++
Username:: Domain:Challenge:NTLMv2hash(aka HMAC-MD5):blob(entire NTLMv2 response except the HMAC that was in the preceding field)

++++++++++++what I am missing:++++++++++++++
Not sure. But I am expecting challenge, response and another thing.

Thank you!

Answer 1 · 2018-06-27T17:44:09.000Z

``` username$NETNTLM$ch5efzc00za0zc0z$re3ac3dzz440zze8z0zfz4zz3faz04z0zcz3zz0fzze48zc5 ``` That is it.

Answer 2 · 2018-06-27T20:02:37.000Z

Thanks for the reply...
Unfortunately, according to --https://hashcat.net/wiki/doku.php?id=example_hashes--, I have to make up something to fill in the command. Sorry if it is a stupid question. But may I know which hash cracker code(Ex. 5600) should I use/ what the command should be like?

5600 | NetNTLMv2 | admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030

Thank you for your help.

Answer 3 · 2018-06-28T06:58:14.000Z

john --format=netntlm hashes.txt --fork=4

hashes.txt

username$NETNTLM$ch5efzc00za0zc0z$re3ac3dzz440zze8z0zfz4zz3faz04z0zcz3zz0fzze48zc5

Answer 4 · 2018-06-28T19:04:38.000Z

Thank you!