server icon indicating copy to clipboard operation
server copied to clipboard

Published 20 hours ago verified publisher icon hashtopolis

[ENHANCEMENT Pwdump LM Hashes Incorrectly Handled

Open lordneon opened this issue 4 years ago • 2 comments

When a job is created with a pwdump formatted LM Hash (2 x 8 byte LM Hashes) which hashcat supports. When processed by the client the hash is automatically split by hashcat and cracked.

When hashtopolis receives the cracked hashes back, the hashes are not accepted as they are returned as two separate LM hashes (which they are) instead of the original pwdump joined up hash.

For example, the randomly generated dual LM D2C04F8696CB4C64EE3C66D0A47F10F8 which is HBOAIUJBMLUNBG (Or seperately) ee3c66d0a47f10f8:BMLUNBG d2c04f8696cb4c64:HBOAIUJ

In the client output below you can see the hashtopolis client send back the cracked chunks but the web interface never reports the hash as being cracked.

I guess fix for this would be to split any inputted 16 byte LM hashes and store them as two 8 byte hashes. Or support partial cracks so: D2C04F8696CB4C64EE3C66D0A47F10F8 if only D2C04F8696CB4C64 is cracked then it would report: HBOAIUJ<UNCRACKED>

  • Hashtopolis: 0.12.0
  • Client git: commit 0c839dcaf22e0fbf0b8db209cb48ec68909a2c73
  • Hashcat 6.0.0

On Client:

b'{"action":"getTask","response":"SUCCESS","taskId":4,"attackcmd":"#HL# -a 3 -1 ?u?d?s ?1?1?1?1?1?1?1","cmdpars":" --hash-type=3000 ","hashlistId":2,"bench":30,"statustimer":5,"files":[],"crackerId":"2","benchType":"speed","hashlistAlias":"#HL#","keyspace":"0","usePreprocessor":false,"preprocessor":"0","preprocessorCommand":"","enforcePipe":false,"slowHash":false,"useBrain":false}'
...
{'action': 'sendProgress', 'token': '', 'chunkId': 11361, 'keyspaceProgress': 6881280, 'relativeProgress': 3851, 'speed': 133719396221, 'state': 5, 'cracks': [['d2c04f8696cb4c64', 'HBOAIUJ', '48424f4149554a', '2737330818545'], ['ee3c66d0a47f10f8', 'BMLUNBG', '424d4c554e4247', '3046833349428']], 'gpuTemp': [47, 47, 51, 56, 50], 'gpuUtil': [97, 91, 90, 79, 90], 'cpuUtil': [32.9]}

lordneon avatar Jul 23 '20 08:07 lordneon

any progress on this? how are other people making the cracking of LM hashes easier? It would be awesome if you could input the whole password dump into Hashtopolis and it would let you handle both LM and NTLM hashes without additional processing.

fsacer avatar Nov 04 '22 07:11 fsacer

any progress on this? how are other people making the cracking of LM hashes easier? It would be awesome if you could input the whole password dump into Hashtopolis and it would let you handle both LM and NTLM hashes without additional processing.

I have been using a bash script to split the hashes (cat ntds-lanman.txt | cut -d : -f3 | fold -w 16) then crack them and then using john the ripper to quickly reconstruct them. This feature would be really nice to have.

thedrapinator avatar Feb 03 '24 00:02 thedrapinator