NTLMv1 hash captured not accurate

SpiderLabs / Responder

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

GNU General Public License v3.0

4.52k stars 1.68k forks source link

NTLMv1 hash captured not accurate #66

Closed naterobbified closed 8 years ago

naterobbified commented 8 years ago

Used responder in my test lab to capture NTLMv1 hash, it wasn't working when I tried to use it to pass the hash with psexec metaploit module. I logged in with psexec using the password, dumped the hash to compare, and the hash values are different. Would there be a reason responder wouldn't pull the correct hash values?

videoman commented 8 years ago

You can't "pass" a challenge hash.

CheeseNuggets commented 8 years ago

https://msdn.microsoft.com/en-us/library/windows/desktop/aa378749%28v=vs.85%29.aspx

picchioni commented 8 years ago

You should try cracking your test password with hashcat or John, you'll see that it's indeed correct.