Search Results
|
Post |
Author |
Forum |
Replies |
Views
[asc]
|
Posted |
|
|
Thread: NTLM vs WPA/WPA2 cracking
Post: NTLM vs WPA/WPA2 cracking
Is there an intentional difference between how hashcat performs a dictionary + rule attack against NTLM vs WPA/WPA2?
While testing different dictionary and rule combinations against a set of test p... |
|
mtnsec |
hashcat
|
19 |
9,917 |
08-30-2018, 06:28 PM |
|
|
Thread: NTLM vs WPA/WPA2 cracking
Post: RE: NTLM vs WPA/WPA2 cracking
philsmd Wrote: (08-30-2018, 07:25 PM)
--
you could use pipes or -j to modify the password earlier on to test if the same problem happens with base passwords that are already long enough
--
These ar... |
|
mtnsec |
hashcat
|
19 |
9,917 |
08-30-2018, 07:46 PM |
|
|
Thread: NTLM vs WPA/WPA2 cracking
Post: RE: NTLM vs WPA/WPA2 cracking
Thanks for your help! I was able to confirm that it does appear to be skipping dictionary words less than 8 characters, even when rules would prepend/append enough characters to create a 8+ character ... |
|
mtnsec |
hashcat
|
19 |
9,917 |
08-30-2018, 08:38 PM |
|
|
Thread: NTLM vs WPA/WPA2 cracking
Post: RE: NTLM vs WPA/WPA2 cracking
Anyone have any ideas or workarounds for this limitation? As it stands, this means we can't use a rules based attack to crack any of the simplest/lowest hanging fruit such as:
Spring2018
Hello123... |
|
mtnsec |
hashcat
|
19 |
9,917 |
08-31-2018, 05:23 PM |
|
|
Thread: NTLM vs WPA/WPA2 cracking
Post: RE: NTLM vs WPA/WPA2 cracking
Thanks for the quick response philsmd! Unfortunately, stdin does not appear to bypass the character limitation. Using a dictionary of just 3 words (all less than 8 characters) results in a very quick ... |
|
mtnsec |
hashcat
|
19 |
9,917 |
08-31-2018, 09:08 PM |
|
|
Thread: Parsing a Potfile
Post: RE: Parsing a Potfile
?
$ cat hashcat.potfile | sed 's/[^:]*://' |
|
mtnsec |
hashcat
|
5 |
3,827 |
12-18-2018, 08:00 PM |
|
|
Thread: Mask attack with brain
Post: RE: Mask attack with brain
Thanks! That makes sense! However, I'm not seeing any change when using -2. It's still a whole lot slower, and my candidates are all hex encoded.. :( |
|
mtnsec |
hashcat
|
5 |
3,629 |
12-08-2018, 04:14 AM |
|
|
Thread: Mask attack with brain
Post: RE: Mask attack with brain
undeath Wrote: (12-08-2018, 02:21 PM)
--
What's your whole command line?
--
Originally I was using:
sudo hashcat -z --brain-password --brain-client-features 1 -a 3 -m 5500 -O hash.txt maskfile.... |
|
mtnsec |
hashcat
|
5 |
3,629 |
12-08-2018, 07:27 PM |
|
|
Thread: Mask attack with brain
Post: Mask attack with brain
Curious why my mask attack slows down from a few seconds, to 15+ hours when I try to use the brain. I"m also noticing that my candidates show the hex value instead of the actual candidate. For exa... |
|
mtnsec |
hashcat
|
5 |
3,629 |
12-08-2018, 02:44 AM |
|
|
Thread: Multiple hashes for the same user (WPA, PMKID, NetNTLMv2)
Post: Multiple hashes for the same user (WPA, PMKID, Net...
Hello!
I'm running into another issue/question about what I need to crack.
I have collected several WPA handshakes, PMKIDs and NetNTLMv2 challenge/response pairs.
Many of these are duplicates... |
|
mtnsec |
hashcat
|
2 |
2,328 |
12-07-2018, 05:26 PM |
|
|
Thread: Multiple hashes for the same user (WPA, PMKID, NetNTLMv2)
Post: RE: Multiple hashes for the same user (WPA, PMKID,...
undeath Wrote: (12-07-2018, 05:37 PM)
--
Especially with WPA there is a chance of transmission errors. For other hash types less so.
--
Thank you! |
|
mtnsec |
hashcat
|
2 |
2,328 |
12-07-2018, 05:42 PM |
|
|
Thread: Brain as a centralized potfile?
Post: Brain as a centralized potfile?
I'm still trying to understand the brain, so hopefully this question makes sense:
Looking at the features:
- [ Brain Client Features ] -
# | Features
===+========
1 | Send hashed pas... |
|
mtnsec |
hashcat
|
3 |
2,089 |
12-16-2018, 09:09 PM |
|
|
Thread: Brain as a centralized potfile?
Post: RE: Brain as a centralized potfile?
|
mtnsec |
hashcat
|
3 |
2,089 |
12-18-2018, 08:01 PM |