NetNTLMv2 hashes cracking but now showing in UI

[marksee]

Your current Server version located at the bottom of any Hashtopolis webpage.

Hashtopolis: commit 410898e branch master 0.5.1

Current Client version

python 0.1.3

Your current Hashcat version

4.1.0

The exact task command you are trying to run.

Hashlist: NetNTLMv2

Task: #HL# -r best64.rule crackstation-human-only.txt

Debug output from the client by running "hashtopolis.exe -d" or with debug flag set on the python client.

CALL: ./hashcat-41064.bin --machine-readable --quiet --status --remove --restore-disable --potfile-disable --session=hashtopolis --status-timer 5 --outfile-check-timer=5 --outfile-check-dir=../hashlist_11 -o ../../hashlists/11.out --remove-timer=5 -s 0 -l 3 ../../hashlists/11 ../../files/delete.txt -r ../../files/d3ad0ne.rule -p : --hash-type=5600
started cracking
Sending keepalive progress to avoid timeout...
{'action': 'sendProgress', 'token': 'tUxdmoZXXj', 'cracks': [], 'keyspaceProgress': 0, 'relativeProgress': 0, 'state': 2, 'chunkId': 11, 'speed': 0}
Starting new HTTPS connection (1): hashcracker.csco.io
"POST /api/server.php HTTP/1.1" 200 80
b'{"action":"sendProgress","response":"SUCCESS","cracked":0,"skipped":0,"zaps":[]}'
Sending keepalive progress to avoid timeout...
{'action': 'sendProgress', 'token': 'tUxdmoZXXj', 'cracks': [], 'keyspaceProgress': 0, 'relativeProgress': 0, 'state': 2, 'chunkId': 11, 'speed': 0}
Starting new HTTPS connection (1): hashcracker.csco.io
"POST /api/server.php HTTP/1.1" 200 80
b'{"action":"sendProgress","response":"SUCCESS","cracked":0,"skipped":0,"zaps":[]}'
Sending keepalive progress to avoid timeout...
{'action': 'sendProgress', 'token': 'tUxdmoZXXj', 'cracks': [], 'keyspaceProgress': 0, 'relativeProgress': 0, 'state': 2, 'chunkId': 11, 'speed': 0}
Starting new HTTPS connection (1): hashcracker.csco.io
"POST /api/server.php HTTP/1.1" 200 80
b'{"action":"sendProgress","response":"SUCCESS","cracked":0,"skipped":0,"zaps":[]}'
Sending keepalive progress to avoid timeout...
{'action': 'sendProgress', 'token': 'tUxdmoZXXj', 'cracks': [], 'keyspaceProgress': 0, 'relativeProgress': 0, 'state': 2, 'chunkId': 11, 'speed': 0}
Starting new HTTPS connection (1): hashcracker.csco.io
"POST /api/server.php HTTP/1.1" 200 80
b'{"action":"sendProgress","response":"SUCCESS","cracked":0,"skipped":0,"zaps":[]}'
Sending 1 cracks...
{'action': 'sendProgress', 'token': 'tUxdmoZXXj', 'cracks': ['test::dtest:998baa47bd62eb49:48dfa05eb75075d806d96fed90a508d0:01010000000000009e785fdd67d3d301d68fa00db57b9e73000000000200060053004d0042000100160053004d0042002d0054004f004f004c004b00490054000400120073006d0062002e006c006f00630061006c000300280073006500720076006500720032003000300033002e0073006d0062002e006c006f00630061006c000500120073006d0062002e006c006f00630061006c000800300030000000000000000000000000200000c6735e63d65e7c980998b93fb0404a373f833458bd87e9e6d97dd2488f4ab52c0a001000000000000000000000000000000000000900120048005400540050002f0077007000610064000000000000000000:Password456#'], 'keyspaceProgress': 0, 'relativeProgress': 53, 'state': 5, 'chunkId': 11, 'speed': 89092}

Describe your problem in as much detail as possible " It's broke " is not a description.

When cracking a NetNTLMv2 hash, debug output shows the task running and successfully cracking. The UI doesn't now show the cracked password but shows as the task is completed. I've read #323 and saw it was fixed in a previous version of the python client, figured I would create a new one instead of reopening.

[s3inlc]

The important part is mostly mentioned here: https://github.com/s3inlc/hashtopolis/issues/323#issuecomment-361897078

You need to use set a different separator when importing these hashes, as hashtopolis otherwise wrongly parses the hashes on import and when trying to find the cracked one, it does not match.

So you need to reimport the hashlist, then use ] for example as the separator (basically just a char which is not present in the hash). And the hash should NOT be imported as salted one.

With the newly imported hashlist the crack should then be successfully submitted and saved.

[marksee]

I changed the separator in the Server configs, reimported, and cracked successfully. Thanks for the quick help!

Is this considered a bug worth fixing for future releases?

[winxp5421]

The main issue here is the one size fits all problem. hashtopolis has to support a wide range of configurations, hash types, attacks, etc.

So i believe instead of chasing down one particular issue with compatibility. Its best to come up with a solution that can be reused with other future "problems" and giving the end user the ability to choose whatever separator character they wish is one of those 'general' solutions. Is it the easiest way for the end user... No. Is it the best way... probably not. but, it does allow the end user more flexibility in what they can do with Hashtopolis. especially when dealing with the odd and the stranger algorithms.

Now, this particular issue with hashes containing the same character most people use as a separator ( the colon) is not a new thing. A lot of software struggles to figure out what is considered a separator and what is considered part of the "data". Unfortunately, in my opinion, the best way to handle this problem is changing to another separator that is not found in the algorithm output (hash). This is not the most user-friendly way to handle this but, its the best way to handle it.

So i guess to answer your question I believe this is not a bug. Hashtopolis already supports user-defined separator characters and in the end, that's the best way to handle this problem on a "universal" level.

[marksee]

Completely agree, thanks the for detailed reply. My only suggestion would to publicly document the edge cases in NetNTLM and other algorithms which may prevent future issue tickets such as mine.

[s3inlc]

Yeah, I agree. It's already mentioned shortly in the Frequent Problems section on the wiki: https://github.com/s3inlc/hashtopolis/wiki/Frequent-Problems#hashes-containing-colons-are-not-handled-correctly

[marksee]

RTFM it is for me then :), I'll close the issue now. Thanks for all the help.