08-27-2019, 04:34 PM
Pages: 1 2
08-28-2019, 10:40 PM
Assuming your ntds dump is ntds.dit you need to do the following (don't do it from a mac, it just doesn't work)
1) Create a list of just lanman
2) Create a list of just ntlm and remove invalid hashes (aad3b435b51404eeaad3b435b51404ee)
3) run hashcat in mode 3000 on increment mode for ?a (this will not cover all accented and international characters, adjust if needed)
4) create a new candidate file
5) download the toggles rules from https://blog.didierstevens.com/2016/07/1...gle-rules/
Direct download link: https://didierstevens.com/files/software/...v0_0_1.zip
6) run hashcat with your candidate file and the rule file in that zip
7) show the results
1) Create a list of just lanman
Code:
cut -d: -f3 < ntds.dit | sort -u > ntds.lm2) Create a list of just ntlm and remove invalid hashes (aad3b435b51404eeaad3b435b51404ee)
Code:
cut -d: -f4 < ntds.dit | grep -v aad3b435b51404eeaad3b435b51404ee | sort -u > ntds.ntlm3) run hashcat in mode 3000 on increment mode for ?a (this will not cover all accented and international characters, adjust if needed)
Code:
./hashcat -m 3000 ntds.lm -i -a 3 -w 3 ?a?a?a?a?a?a?a4) create a new candidate file
Code:
./hashcat -m 3000 ntds.lm --show | cut -d: -f2- > cand.lst5) download the toggles rules from https://blog.didierstevens.com/2016/07/1...gle-rules/
Direct download link: https://didierstevens.com/files/software/...v0_0_1.zip
6) run hashcat with your candidate file and the rule file in that zip
Code:
./hashcat -m 1000 ntds.ntlm -w 3 -O -a 0 cand.lst -r toggles-lm-ntlm.rule7) show the results
Code:
./hashcat -m 1000 ntds.dit --username --showPages: 1 2