09-29-2020, 01:47 PM
I have some Kerberos-hashes (supposedly mode 19700) that will not run ('SEPARATOR UNMATCHED' error). The file is in UTF-8 format and I'm using my usual cracking rig where I crack other hashes like the modes 1000, 5600, 13100 and so on.
I believe the problem is that the hashes were extracted by using a PowerShell script meant to extract the weaker Kerberos RC4-based hashes (mode 13100). Or a poorly hacked version of the original script (Get-DomainSPNTicket by Harmj0y).
Is there a way to manipulate these hashes so that they will run? I found a guide mentioning the possibility of moving things around, but I can't find it again and anyway it wasn't really easy enough for me to understand..
I believe the problem is that the hashes were extracted by using a PowerShell script meant to extract the weaker Kerberos RC4-based hashes (mode 13100). Or a poorly hacked version of the original script (Get-DomainSPNTicket by Harmj0y).
Is there a way to manipulate these hashes so that they will run? I found a guide mentioning the possibility of moving things around, but I can't find it again and anyway it wasn't really easy enough for me to understand..
Code:
$krb5tgs$18$*removed$removed$removed/removed*$32chars(upper and digit mix)$4758chars(upper and digit mix)