06-24-2017, 12:37 AM
While messing about with cracking some LM hashes using rainbow tables I wanted a way to crack the case of the letters. Hashcat was the obvious choice since I knew it had the toggle case rules.
But my server which I use for the rainbow table cracking is a really old Sony laptop nailed to the wall. So it has a big problem:
cat /proc/cpuinfo | fgrep model\ name
model name : Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
So no chance of OpenCL which means no chance of the nice shiny wonderful new merged Hashcat since it needs it.
I could use an older version but old versions were time bombed to force people to update. Which I think sucks. But it is true. Most people really do need a kick to get them to update.
It's possible to change the clocks back but that's just not good IMO.
Enter: libfaketime - spoof whatever time you want at runtime for only the program you're running!
So I chose Hashcat 0.49.
Simply install libfaketime:
sudo apt install libfaketime
and then use it with LD_PRELOAD like so:
LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1 FAKETIME="@$(stat -c %y hashcat-cli64.bin)" ./hashcat-cli64.bin -m 1000 -a 2 <(printf "NTLM_HASH") <(printf "CRACKED_LM_PLAINTEXT")
No need to guess when it was usable. Just toss in the modify date of the binary.
That will toggle the case of all the letters and voila, the corresponding NTLM hash from LM on old hardware from the stone age!
The faketime tool is another option:
sudo apt install faketime
and then:
faketime -f "@$(stat -c %y hashcat-cli64.bin)" ./hashcat-cli64.bin -m 1000 -a 2 <(printf "NTLM_HASH") <(printf "CRACKED_LM_PLAINTEXT")
Not sure who in their right mind would be using LM hashes these days but I was bored and wanted to use my old rainbow tables to go from LM to NTLM.
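The LD_PRELOAD recipe from the post, as an added example that is not the poster's script and not part of hashcat or libfaketime: a small shell wrapper that takes the FAKETIME value from the binary's own modification time, locates libfaketime.so.1 (the Debian/Ubuntu path from the post plus two other common locations, which are assumptions), and refuses to run if the library cannot be found, so a wrong library path fails loudly instead of silently running against the real clock and tripping the time bomb. The function names are mine, and GNU stat is assumed (as in the post).

```shell
#!/usr/bin/env bash
# Added example (not the forum poster's script): run a time-bombed binary with
# libfaketime pinned to the binary's own modification time, per-process only.

# Print a FAKETIME value ("@YYYY-MM-DD HH:MM:SS") taken from FILE's mtime.
# `stat -c %y` (GNU stat, assumed) appends fractional seconds and a timezone;
# trimming to 20 characters keeps exactly the absolute form libfaketime expects.
faketime_from_mtime() {
    stat -c '@%y' "$1" | cut -c1-20
}

# Locate libfaketime.so.1; honour $LIBFAKETIME_SO if the caller sets it.
# The candidate paths are the usual Debian/Ubuntu, Fedora and plain /usr/lib
# locations (assumption; only the first one appears in the post).
find_libfaketime() {
    local candidate
    if [ -n "${LIBFAKETIME_SO:-}" ]; then
        [ -r "$LIBFAKETIME_SO" ] && printf '%s\n' "$LIBFAKETIME_SO" && return 0
        return 1
    fi
    for candidate in \
        /usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1 \
        /usr/lib64/faketime/libfaketime.so.1 \
        /usr/lib/faketime/libfaketime.so.1; do
        if [ -r "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# run_at_mtime BINARY [ARGS...]: run BINARY under libfaketime with the clock
# set to BINARY's mtime. Returns 2 if the binary is not executable or the
# library cannot be found, so nothing runs against the real clock by accident.
run_at_mtime() {
    local bin lib ft
    bin=$1; shift
    [ -x "$bin" ] || { echo "run_at_mtime: $bin is not executable" >&2; return 2; }
    lib=$(find_libfaketime) || { echo "run_at_mtime: libfaketime.so.1 not found" >&2; return 2; }
    ft=$(faketime_from_mtime "$bin")
    LD_PRELOAD="$lib" FAKETIME="$ft" "$bin" "$@"
}

# Sanity check that the preload actually took effect: this prints a date close
# to /bin/date's own mtime, not the current time, when libfaketime is loaded.
#   run_at_mtime /bin/date
# The post's command then becomes (bash process substitution as in the post):
#   run_at_mtime ./hashcat-cli64.bin -m 1000 -a 2 <(printf "NTLM_HASH") <(printf "CRACKED_LM_PLAINTEXT")
```

Two practical notes. Because the clock is faked only inside the preloaded process, nothing else on the host (logs, cron, TLS validation in other programs) sees the wrong time, which is the reason to prefer this over turning the system clock back. And the mtime is only a heuristic for "when the binary was usable": a browser download or a copy without `-p` resets the mtime to the current time, in which case `faketime_from_mtime` yields today's date and the binary will still refuse to run; set `FAKETIME` to the release date by hand in that situation.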