Converting NetNTLMv1 hash from Responder to crack.sh format

[Hex0g3n]

Great post about NetNTLMv1 hash. However, I am still very confused...

userA::DomainA:DBA4C1C60CD572AA00000000000000000000000000000000:A2B86AC601A4CA114AF662AE56DAEAD5116C4FE99A6205DB:0256388CB5E5A94D

As the crack.sh format only contains challenge and response. How do I fit in the LM client challenge to their format?

[3gstudent]

LM client challenge is useless.

[Hex0g3n]

What's the reason? It's not used for computation?

我也會看中文.. 如果可以知道多一些，非常感謝你

[3gstudent]

Yes,LM client challenge is not used for formulating the response.

Input:

• username
• hostname
• password
• Server challenge

Output:

• response

In traditional Brute-Force attack,we try all combinations from a given Keyspace and calculate a new response.

Then use the new response to compare with the given response.

So is the NetNTLMv2 hash,we need server challenge instead of client challenge.