OpenSecurityResearch / hostapd-wpe

Modified hostapd to facilitate AP impersonation attacks
496 stars 97 forks source link

Question: How to generate the value to feed the Hashcat NTLMv2 hash cracker #24

Closed Fireflaker closed 6 years ago

Fireflaker commented 6 years ago

++++++++++++here is an example of what I got:++++++++++++++ username: username challenge: ch:5e:fz:c0:0z:a0:zc:0z response: re:3a:c3:dz:z4:40:zz:e8:z0:zf:z4:zz:3f:az:04:z0:zc:z3:zz:0f:zz:e4:8z:c5 jtr NETNTLM: username$NETNTLM$ch5efzc00za0zc0z$re3ac3dzz440zze8z0zfz4zz3faz04z0zcz3zz0fzze48zc5

++++++++++++what hashcat needs:++++++++++++++ Username:: Domain:Challenge:NTLMv2hash(aka HMAC-MD5):blob(entire NTLMv2 response except the HMAC that was in the preceding field)

++++++++++++what I am missing:++++++++++++++ Not sure. But I am expecting challenge, response and another thing.

Thank you!

nemanjan00 commented 6 years ago
username$NETNTLM$ch5efzc00za0zc0z$re3ac3dzz440zze8z0zfz4zz3faz04z0zcz3zz0fzze48zc5

That is it.

Fireflaker commented 6 years ago

Thanks for the reply... Unfortunately, according to --https://hashcat.net/wiki/doku.php?id=example_hashes--, I have to make up something to fill in the command. Sorry if it is a stupid question. But may I know which hash cracker code(Ex. 5600) should I use/ what the command should be like?

5600 | NetNTLMv2 | admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030

Thank you for your help.

nemanjan00 commented 6 years ago
john --format=netntlm hashes.txt --fork=4

hashes.txt

username$NETNTLM$ch5efzc00za0zc0z$re3ac3dzz440zze8z0zfz4zz3faz04z0zcz3zz0fzze48zc5
Fireflaker commented 6 years ago

Thank you!