Please note, this is a STATIC archive of website hashcat.net from October 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: Can`t find NTLMv2 Hash
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Good day, everyone.
I try to crack NTLMv2 hash with the help of hashcat. My two virtual machines communictate with each other and authenticate with the help of NTLMv2. I use wireshark to catch all fields of NTLM authentication.


The main structure of the unit to crack looks like that:


Username:: Domain:Challenge:NTLMv2hash(aka HMAC-MD5):blob(entire NTLMv2 response except the HMAC that was in the preceding field)

So, in packets that i watch in WireShark, i can find almost all filed, except NTLMv2hash and the blob (two last field).
Could you please explain me, where to find them, or how should i do in this situation?
In my experience, when I capture an NTLMv2 hash, the output explicitly says that. So maybe you're not capturing them?
I think most people don't use wireshark to capture NTLMv2 (but should be possible), they use some sort of layer 2 attack tools or modified samba services.