-
Notifications
You must be signed in to change notification settings - Fork 449
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Incorrect hash length for netntlmv2 captured hash #24
Comments
SMB or HTTP? I'm guessing the challenge is missing? There is something that can cause that with the packet sniffer on the SMB side that I have not been able to track down. |
Hi Kevin, SMB and the challenge is present in the logfile:
The attacker's machine is a "Windows Server 2012 R2 Standard" and the tool was launched with admin privs. I can send you a captured hash if need be. In the other hand using Inveigh-Zero in the same scenario it works like a charm. Thanks for your support! |
Hi, Ugh, I'm guessing you don't see F91F2FCA9466DCC4 listed in the full hash output? If so, I think I see the bug. I combined the SMB and HTTP NTLM code but it looks like it's only checking the HTTP session table to grab the challenge. Since it is indeed seeing the challenge in this case, you should be able to just paste it in right after DOMAIN:. I'll get it fixed this weekend. Thanks! |
Hi Kevin, As you said, using the challenge from the logfile the problem has gone. I should have thought about it before! Thanks for your support and such great tool! |
Hello Kevin,
I've obtained several NetNTLM v2 hashes using your tool but hashcat is throwing an error with the hash length (type 5600: NetNTLMv2)
Hashfile 'netntlmv2.lst' on line 1 (-- redacted ---): Salt-length exception
The same error for all hashes.
Checking the format against the hashcat examples I've accomplished an inusual length of 32 characters for the captured hash.
Any idea or hint?
Thanks in advance!
The text was updated successfully, but these errors were encountered: