06-10-2019, 11:36 PM
Hi guys, maybe you can help me.
I'm playing with NTLM hashes and i got some unexpected results. I created a file with the hashes ( i generate them in windows, then extracted with mimikatz) below.
ce4f24280e84005c7fe6321d5ad17740
f82df3f90fb55ce458b582489e4c264c
807b2aeaebc79738fca58b366e4b5a7c
I generated a dictionary with the following words (are solution for each hash respectively). *Unix command "file" indicate that the wordlist file is in "UTF-8" format.
š
č
ň
the hex results for each letter respectively are:
c5a1
c48d
c588
then i tried the follow commands without success.
hashcat -a 3 -m 1000 /tmp/my.hashes ?b?b
hashcat -a 3 -m 1000 /tmp/my.hashes --hex-charset c5a1 [tried with the different hex code]
then i tried with john the ripper with the follow command and it works.
./john --format=nt --wordlist=/tmp//test.wordlist /tmp/my.hashes
Using default input encoding: UTF-8
Loaded 3 password hashes with no different salts (NT [MD4 256/256 AVX2 8x3])
Remaining 1 password hashes with no different salts
Warning: no OpenMP support for this hash type, consider --fork=4
Press 'q' or Ctrl-C to abort, almost any other key for status
Warning: Only 1 candidates left, minimum 24 needed for performance.
š (?)
1g 0:00:00:00 DONE (2019-06-10 23:15) 33.33g/s 100.0p/s 100.0c/s 200.0C/s š..ň
What do i have to add to my command?,
Thanks!
I'm playing with NTLM hashes and i got some unexpected results. I created a file with the hashes ( i generate them in windows, then extracted with mimikatz) below.
ce4f24280e84005c7fe6321d5ad17740
f82df3f90fb55ce458b582489e4c264c
807b2aeaebc79738fca58b366e4b5a7c
I generated a dictionary with the following words (are solution for each hash respectively). *Unix command "file" indicate that the wordlist file is in "UTF-8" format.
š
č
ň
the hex results for each letter respectively are:
c5a1
c48d
c588
then i tried the follow commands without success.
hashcat -a 3 -m 1000 /tmp/my.hashes ?b?b
hashcat -a 3 -m 1000 /tmp/my.hashes --hex-charset c5a1 [tried with the different hex code]
then i tried with john the ripper with the follow command and it works.
./john --format=nt --wordlist=/tmp//test.wordlist /tmp/my.hashes
Using default input encoding: UTF-8
Loaded 3 password hashes with no different salts (NT [MD4 256/256 AVX2 8x3])
Remaining 1 password hashes with no different salts
Warning: no OpenMP support for this hash type, consider --fork=4
Press 'q' or Ctrl-C to abort, almost any other key for status
Warning: Only 1 candidates left, minimum 24 needed for performance.
š (?)
1g 0:00:00:00 DONE (2019-06-10 23:15) 33.33g/s 100.0p/s 100.0c/s 200.0C/s š..ň
What do i have to add to my command?,
Thanks!