
Help Cracking NTLM Hash


Infam0us
Member
0 0

I have an administrator's NTLM hash from XP. When I try to crack it in Cain and Abel I get this when starting to brute-force it.

Plaintext of F4CA7D356EE… is 0307 Attack Stopped! 1 of 2 Hashes Cracked

The hash it cracked is the "NT hash", so now I'm stuck with a password that looks exactly like this: "???????0307"

How do I attack the rest of the password? Is the rest of that password an LM hash (that's my best guess)? It is exactly 7 characters missing.

Or is it an NTLM hash? I have read this stuff in school and on Wikipedia and thought I understood it.

Any help on what type of hash the rest of the password is and what would be the best way to crack it?


SySTeM
-=[TheOutlaw]=-
20 0

Try milw0rm's cracker, I think they do LM hashes.


ghost
0 0

I like freerainbowtables.com … it is a distributed computing site that generates rainbow tables… you don't have to use their generating software to use their tables… you don't have to download the tables either, just submit the hash on their site and give it 10 mins or so… and check the pass.


Infam0us
Member
0 0

Thanks for the help everyone.

System_meltdown, I went to milw0rm and the LM hash is supposed to be 16 bytes; these hashes are double that. So I guess it's not an LM hash like I thought it was.

Here is the NT hash, F4CA7D356EE41CD859A26C49A31B2F9D, and this one is labeled in Cain and Abel as an LM hash: 0259752D2C3B4F13F9496BE7EBA6D251

I'll try rainbow tables next, and if that doesn't work I'll run them through JtR and see if I have better luck.


ghost
0 0

How did you get the hash? pwdump? If so, post the full output from it.

I would also recommend freerainbowtables.com.


Uber0n
Member
0 0

Infam0us wrote: Is the rest of that password an LM hash (that's my best guess)? It is exactly 7 characters missing.

Yes it is ^^ Passwords longer than 7 characters are split up into two LM hashes; that's why they're so damn easy to crack compared to NT hashes ;)
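
A worked example of the two facts this thread turns on, added here and not part of anyone's post. A 32-hex-character LM hash is 16 bytes made of two independent 8-byte halves, each derived from 7 characters of the uppercased, 14-character-padded password; a half derived from no characters is always AAD3B435B51404EE, so a password of 7 characters or fewer shows that constant as its second half. The NT hash is MD4 over the UTF-16LE password with case preserved. Once both LM halves are cracked, the case-insensitive LM plaintext is turned back into the real password by trying each upper/lower assignment of its letters against the NT hash. The LM hash split below is the one posted in the thread; the "password" vector used for the case-recovery step is constructed test data (the well-known pwdump hashes of "password"), not from the thread. MD4 is implemented inline rather than through hashlib because many current OpenSSL builds no longer expose it.

```python
"""LM vs NT hash helpers: added example, not code from the thread.

Facts used (well known, not taken from the thread): an LM hash is 16 bytes
(32 hex characters) made of two independent 8-byte halves, each computed from
7 characters of the password after it has been uppercased and padded to 14
characters; a half computed from no characters is always AAD3B435B51404EE.
The NT hash is MD4 over the UTF-16LE encoding of the password, case preserved.
"""
import struct

# LM-DES output for an empty 7-character half: appears as the second half of
# every LM hash whose password is 7 characters or shorter.
LM_EMPTY_HALF = "AAD3B435B51404EE"


def split_lm(lm_hex):
    """Split a 32-hex LM hash into the two 8-byte halves that crack independently."""
    lm_hex = lm_hex.strip().upper()
    if len(lm_hex) != 32:
        raise ValueError("an LM hash is 16 bytes = 32 hex characters, got %d" % len(lm_hex))
    return lm_hex[:16], lm_hex[16:]


def lm_password_is_longer_than_7(lm_hex):
    """True when the second half is not the empty-half constant, i.e. the
    password has an 8th character and both halves must be cracked."""
    return split_lm(lm_hex)[1] != LM_EMPTY_HALF


def md4(data):
    """RFC 1320 MD4 in pure Python, so this runs even where hashlib's MD4
    (OpenSSL legacy provider) is unavailable."""
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (8 * len(data)) & 0xFFFFFFFFFFFFFFFF)

    def rot(x, n):
        x &= 0xFFFFFFFF
        return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    # (round function, additive constant, message-word order, shift amounts)
    rounds = (
        (f, 0x00000000, range(16), (3, 7, 11, 19)),
        (g, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (h, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for fn, k, order, shifts in rounds:
            for i, idx in enumerate(order):
                a = rot(a + fn(b, c, d) + x[idx] + k, shifts[i % 4])
                a, b, c, d = d, a, b, c  # rotate state so the next step updates the next word
        a, b, c, d = ((a + aa) & 0xFFFFFFFF, (b + bb) & 0xFFFFFFFF,
                      (c + cc) & 0xFFFFFFFF, (d + dd) & 0xFFFFFFFF)
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password):
    """NT hash: MD4 of the password encoded as UTF-16LE, case preserved."""
    return md4(password.encode("utf-16-le"))


def recover_case(lm_plaintext, nt_hex):
    """LM uppercases the password before hashing, so a cracked LM plaintext has
    lost its case. Try every upper/lower assignment of the letters against the
    NT hash and return the real password, or None if nothing matches."""
    target = bytes.fromhex(nt_hex)
    letters = [i for i, ch in enumerate(lm_plaintext) if ch.isalpha()]
    for mask in range(1 << len(letters)):
        chars = list(lm_plaintext)
        for bit, idx in enumerate(letters):
            chars[idx] = chars[idx].lower() if (mask >> bit) & 1 else chars[idx].upper()
        candidate = "".join(chars)
        if nt_hash(candidate) == target:
            return candidate
    return None


if __name__ == "__main__":
    # The LM hash posted in the thread: both halves are non-empty, so the
    # password is longer than 7 characters and each half is attacked on its own.
    posted = "0259752D2C3B4F13F9496BE7EBA6D251"
    print(split_lm(posted), lm_password_is_longer_than_7(posted))
    # Constructed test vector (not from the thread): pwdump-style hashes of "password".
    lm, nt = "E52CAC67419A9A224A3B108F3FA6CB6D", "8846F7EAEE8FB117AD06BDD830B7586C"
    print(split_lm(lm), recover_case("PASSWORD", nt))
```

Because the two LM halves are independent, a cracked second half (here "0307") tells you only the tail; the first half is a separate 7-character, case-insensitive search, and `recover_case` is the step that follows once both halves are known. A `None` result means the NT password contains characters the LM algorithm could not represent.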


korg
Admin from hell
0 0

Just use JtR. A good wordlist will crack it in seconds. PS: I would learn more on NTLM hashes. (Your comment on milw0rm's error)


ghost
0 0

korg wrote: Just use JtR. A good wordlist will crack it in seconds. PS: I would learn more on NTLM hashes. (Your comment on milw0rm's error)

Yeah, he needs a good w-list.