hashcrackingntlmv2hashcat

Hashcat not working on NetNTLMv2 hashes obtained by Responder


I am having difficulties having hashcat crack any hashes that I get by running responder. I tried many NetNTLMv2 hashes from differents computer and it still does not crack it even if I provide a dictionnary file with only the good password.

Here is the hash I just captured from a windows machine which password is "password":

Admin::Pentest8:1122334455667788:CC7FB11019DFFD86F655D6E8E74F2DFB:0101000000000000C0653150DE09D2013B791EAC0A885F57000000000200080053004D004200330001001E00570049004E002D00500052004800340039003200520051004100460056000400140053004D00420033002E006C006F00630061006C0003003400570049004E002D00500052004800340039003200520051004100460056002E0053004D00420033002E006C006F00630061006C000500140053004D00420033002E006C006F00630061006C0007000800C0653150DE09D20106000400020000000800300030000000000000000100000000200000DCA2A3DCAE79BD1C19800BF1CEBBE2FFDB7DC61A06ECD96D9098E6CCC47B0E510A0010000000000000000000000000000000000009002A0063006900660073002F00740068006900730064006F00650073006E006F00740065007800690073007400000000000000000000000000

Running hashcat using this command returns status: Exhausted:

hashcat -m 5600 hash.txt dict.txt

The exemple hash provided on the hashcat's website works right away with password : "hashcat"

admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030

Any one got an idea ?

Thanks in advance,

Guillaume

EDIT : using john the ripper isn't working either:

john --format=netntlmv2 hash.txt --wordlist=dict.txt

Solution

  • Fixed by upgrading Responder to its latest version. They changed how the challenge/response is generated recently.