11-13-2019, 01:56 PM
I ran into this issue recently during a CTF competition and spent a little time replicating a test scenario. Given a 13-char password as an LM hash, Hashcat (v5.1.0) successfully cracks the first hash but not the second.
To re-create the issue I padded Hashcat's example LM hash out to 13-chars:
HASHCATHASHCA = 299BD128C1101FD6A9BF21707E39C1C7
And ran a typical attack for LM hashes:
As a sanity check I ran a John session on the same hash:
To re-create the issue I padded Hashcat's example LM hash out to 13-chars:
HASHCATHASHCA = 299BD128C1101FD6A9BF21707E39C1C7
And ran a typical attack for LM hashes:
Code:
$ hashcat '299BD128C1101FD6A9BF21707E39C1C7' -m3000 -a3 -1 ?u?d?s ?1?1?1?1?1?1?1
$ hashcat '299BD128C1101FD6A9BF21707E39C1C7' -m3000 --show
299bd128c1101fd6a9bf21707e39c1c7:HASHCAT[notfound]
As a sanity check I ran a John session on the same hash:
Code:
$ john lm_test.hash --format=LM-opencl --fork=4
$ john lm_test.hash --format=LM-opencl --show
Device 3: GeForce GTX 1080
?:HASHCATHASHCA
2 password hashes cracked, 0 left