I am having difficulties having hashcat crack any hashes that I get by running responder. I tried many NetNTLMv2 hashes from differents computer and it still does not crack it even if I provide a dictionnary file with only the good password.
Here is the hash I just captured from a windows machine which password is "password":
Admin::Pentest8:1122334455667788:CC7FB11019DFFD86F655D6E8E74F2DFB:0101000000000000C0653150DE09D2013B791EAC0A885F57000000000200080053004D004200330001001E00570049004E002D00500052004800340039003200520051004100460056000400140053004D00420033002E006C006F00630061006C0003003400570049004E002D00500052004800340039003200520051004100460056002E0053004D00420033002E006C006F00630061006C000500140053004D00420033002E006C006F00630061006C0007000800C0653150DE09D20106000400020000000800300030000000000000000100000000200000DCA2A3DCAE79BD1C19800BF1CEBBE2FFDB7DC61A06ECD96D9098E6CCC47B0E510A0010000000000000000000000000000000000009002A0063006900660073002F00740068006900730064006F00650073006E006F00740065007800690073007400000000000000000000000000
Running hashcat using this command returns status: Exhausted:
hashcat -m 5600 hash.txt dict.txt
The exemple hash provided on the hashcat's website works right away with password : "hashcat"
admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030
Any one got an idea ?
Thanks in advance,
Guillaume
EDIT :
using john the ripper isn't working either:
john --format=netntlmv2 hash.txt --wordlist=dict.txt
Fixed by upgrading Responder to its latest version. They changed how the challenge/response is generated recently.
Related
Good evening!
I'll start by saying this is really not my forte so please be gentle. I am currently doing some work that requires me to remote to machines when there is nobody logged in. I can do this manually using the command 'QUERY USER /SERVER "HOSTNAME"' however this really is manual, and theres quite a delay when going one by one through a CSV. It's been OK to grab the odd straggler, but we're talking hundreds of machines here.
Outside of your basic query I don't have a great deal of PS experience, but I tried my best in a ForEach and just tried some googling as I came up against each error.
My export in question is a CSV file with the header of 'DeviceName' and all of the hostnames of each machine, nothing more.
Basically where I've got to is importing a CSV, and I can echo each of the hostnames, so I've tried a ForEach, run that same Command but despite googling I'm unable to get the foreach variable to pass through. I'm yet to get to a point where I'm even considering how I'll export this back out for review later.
What I'm basically asking for is any assistance to push me in the right direction to either make this work or an alternative that is staring me in the face. Thank you in advance!
$1909 = Import-CSV C:\temp\1909-20221104.csv
foreach( $DeviceName in $1909) {
cmd /c query user /server $DeviceName
}
I came accross a hash that starts as follows, which I'm trying to reverse: $rar3$*1*
However, I can't seem to find a rainbow table for the rar3 hashing algorithm.
Can anyone point me in the right direction.
Rainbow tables won't work:
RAR passwords, why don't rainbow tables work?
$RAR3$0, which is RAR with opening-password, is supported by Hashcat. [2]
It is created with the -hp option: [3]
-hp option, which encrypts the internal block headers that contain file metadata, as well as the content of the files
-p option, which encrypts only the content of the files in the archive, while file metadata (filenames...) are not encrypted
$RAR3$1, which is created with -p, is not supported by Hashcat. You can try John the Ripper to crack it instead. [5][6]
cRARk freeware utility to crack RAR password
Well I tried to send the url encoded but when I start the stream I get 550 error (permission denied, which means that the folder doesn't exist in my case -> probably it compares with the non encoded name on the server). I tried to send it unencoded...and it failed even quicker, the stream didn't opened at all (naturally). I take it that it's impossible to list a directory that has whitespaces?
I'm using a Linux server, but ideally, I would like it to work with multiple servers.
[UPDATE] I've just tried the apple sample SimpleFTP code and it seems that it has the same problem. It creates folders with spaces, but when you try to list them it fails
I don't know too much about NSStream, I am using FTPHelper by Erica Sadun for ftp'ing, but I presume that the URL either needs to be escaped.
Try %20 or \ where the spaces are meant to be. There is meant to be a space after the \ by the way!
On some sites, in their download section each file has a md5. md5 of what? i cant understand the purpose
on phpBB.com for example:
Download phpBB 3.0.6 (zip)
Size: 2.30 MiB
MD5: 63e2bde5bd03d8ed504fe181a70ec97a
It is the signature of the file's hash. The idea is that you can run MD5 against the downloaded file, then compare it against that value to make sure you did not end up with a corrupted download.
This is a checksum, for verifying that the file as-downloaded is intact, without transmission errors. If the checksum listing is on a different server than the download, it also may give a little peace of mind that the download server hasn't been hacked (with the presumption that two servers are harder to hack than one).
It's a hash of the file. Used to ensure file integrity once you download said file. You'd use an md5 checksum tool to verify the file state.
Sites will post checksums so that you can make sure the file downloaded is the same as the file they're offering. This lets you ensure that file has not been corrupted or tampered with.
On most unix operating systems you can run md5 or md5sum on a file to get the hash for it. If the hash you get matches the hash from the website, you can be reasonably certain that the file is intact. A quick Google search will get you md5sum utilities for Windows.
You might also see an SHA-1 hash sometimes. It's the same concept, but a different and more secure algorithm.
This is an md5 hash of the entire binary contents of the file. The point is that if two files have different md5 hashes, they are different. This helps you determine whether a local file on your computer is the same as the file on the website, without having to download it again. For instance:
You downloaded your local copy somewhere else and think there might be a virus inside.
Your connection is lossy and you fear the file might be corrupted by the download.
You have changed the local file name and want to know which version you have.
I've seen this all over the place:
Download here! SHA1 =
8e1ed2ce9e7e473d38a9dc7824a384a9ac34d7d0
What does it mean? How does a hash come into play as far as downloads and... What use can I make of it? Is this a legacy item where you used to have to verify some checksum after you downloaded the whole file?
It's a security measure. It allows you to verify that the file you just downloaded is the one that the author posted to the site. Note that using hashes from the same website you're getting the files from is not especially secure. Often a good place to get them from is a mailing list announcement where a PGP-signed email contains the link to the file and the hash.
Since this answer has been ranked so highly compared to the others for some reason, I'm editing it to add the other major reason mentioned first by the other authors below, which is to verify the integrity of the file after transferring it over the network.
So:
Security - verify that the file that you downloaded was the one the author originally published
Integrity - verify that the file wasn't damaged during transmission over the network.
When downloading larger files, it's often useful to perform a checksum to ensure your download was successful and not mangled along transport. There's tons of freeware apps that can be used to gen the checksum for you to validate your download. This to me is an interesting mainstreaming of procedures that popular mp3 and warez sites used to use back in the day when distributing files.
SHA1 and MD5 hashes are used to verify the integrity of files you've downloaded. They aren't necessarily a legacy technology, and can be used by tools like those in the openssl to verify whether or not your a file has been corrupted/changed from its original.
It's to ensure that you downloaded the file correctly. If you hash the downloaded the file and it matches the hash on the page, all is well.
A cryptographic hash (such as SH1 or MD5) allows you to verify that file you have has been downloaded correctly and has not been tampered with.
To go along with what everyone here is saying I use HashTab when I need to generate/compare MD5 and SHA1 hashes on Windows. It adds a new tab to the file properties window and will calculate the hashes.
With a has (MD5, SHA-1) one input matches only with one output, and then if you down load the file and calculate the hash again should obtain the same output.
If the output is different the file is corrupt.
If (hash(file) == “Hash in page”)
validFile = true;
else
validFile = false;