Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: Can hashcat crack NTLMSSP ?
Hi,

During a pentest I captured an NTLMSSP "hash". Does oclHashcat crack NTLMSSP?

https://msdn.microsoft.com/en-us/library/...85%29.aspx
https://en.wikipedia.org/wiki/NTLMSSP

Quote:
GET https://www.xxxx.xxx/ HTTP/1.0
Cache-Control: no-cache
Pragma: no-cache
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Cookie: xxxxxx
Accept-Encoding: gzip
Host: www.xx.xx

Proxy-Authorization: NTLM TlRMTVNTUAADAAAA/some base64 encoded stuff here/

Thank you.
hashcat isn't able to crack it, no. and i'm not 100% positive, but i don't think you have enough here to crack anyway. ntlm c/r is a four-way handshake, you only have one of the pieces. i also believe that you need to be the one to initiate the challenge, using a specially crafted challenge that you control. i think most people use metasploit, ettercap, c&a, or something along those lines to automate the process. i think there are also scripts out there that will parse out the necessary bits from a pcap file.
Ok.
And what if I retrieved the complete four-way exchange? How could I crack it?
maybe try https://github.com/psychomario/ntlmsspparse and see if that doesn't put it into a format that jtr can recognize. i think jtr jumbo supports ntlm c/r.
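
Added example, not part of the original thread and not code from ntlmsspparse: a minimal Python parser for the base64 blob in an NTLM Proxy-Authorization header, using the field offsets of the published NTLMSSP message layout. It shows that a type 3 (AUTHENTICATE) message, which is what the "TlRMTVNTUAADAAAA" prefix in the question marks, carries the names and response fields, while the 8-byte server challenge sits in the server's type 2 message. The function names, the constructed sample message and the cp437 fallback for OEM strings are assumptions made for illustration.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # flag bit: strings are UTF-16LE, otherwise OEM

def _field(msg, pos):
    """Follow a (Len, MaxLen, Offset) descriptor at pos to the bytes it names."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field descriptor points outside the message")
    return msg[offset:offset + length]

def parse_ntlmssp(header_value):
    """Parse the value of an NTLM (Proxy-)Authorization/-Authenticate header."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header value")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    if mtype == 2 and len(msg) >= 32:
        # The 8-byte server challenge exists only in this server-to-client message.
        return {"type": "CHALLENGE", "server_challenge": msg[24:32].hex()}
    if mtype == 3 and len(msg) >= 64:
        flags = struct.unpack_from("<I", msg, 60)[0]
        enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"  # OEM page assumed
        nt = _field(msg, 20)
        return {"type": "AUTHENTICATE",
                "domain": _field(msg, 28).decode(enc),
                "user": _field(msg, 36).decode(enc),
                "workstation": _field(msg, 44).decode(enc),
                "lm_response_len": len(_field(msg, 12)),
                "nt_response_len": len(nt),
                "variant": "NTLMv2" if len(nt) > 24 else "NTLMv1",
                "has_server_challenge": False}  # must come from the type 2 message
    return {"type": "NEGOTIATE" if mtype == 1 else "UNKNOWN"}

def build_sample_type3(domain="CORP", user="alice", host="WS01"):
    """Constructed sample: AUTHENTICATE message with zero-filled responses."""
    parts = [bytes(24), bytes(24)]  # LM and NT responses (placeholders)
    parts += [s.encode("utf-16-le") for s in (domain, user, host)] + [b""]
    header, payload = SIGNATURE + struct.pack("<I", 3), b""
    for p in parts:  # descriptors start at offset 12, payload at offset 64
        header += struct.pack("<HHI", len(p), len(p), 64 + len(payload))
        payload += p
    msg = header + struct.pack("<I", NEGOTIATE_UNICODE) + payload
    return "NTLM " + base64.b64encode(msg).decode()
```

Calling parse_ntlmssp(build_sample_type3()) returns the decoded domain, user and workstation together with the response lengths; the same function applied to a Proxy-Authenticate header from the server returns the challenge.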
I do not really understand why it is so hard to crack such hashes.

Does Cain&Abel use some secret and very complicated algorithm that cannot be recreated?