Hashes
Determining Hash Type #
# using hashid
# -m -- displays equivalent mode for hashcat
hashid -m '$6$7GS5e.yv$HqIH5MthpGWpczr3MnwDHlED8gbVSHt7ma8yxzBM8LuBReDV5e1Pu/VuRskugt1Ckul/SKGX.5PyMpzAYo3Cg/'
# hashi-identifier
hash-identifier
- Alternatives:
- https://github.com/SmeegeSec/HashTag.git
NTLM #
# LM - oldest way of storing password
299BD128C1101FD6
# NThash - newer format of storing password
B4B9B02E6F09A9BD760F388B67351E2B
# NTLMv1
# - aka Net NTLM or NTLM
# - a protocol (not a hash)
# - uses LM and NT hashes (see example below)
# - you can use this in pass the hash attacks
# - you get this from SAM (local) or NTDS (domain controller)
# - aad3b435b51404eeaad3b435b51404ee (1st part, LM)
# - 0e0363213e37b94221497260b0bcb4fc (2nd part, NT)
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0e0363213e37b94221497260b0bcb4fc:::
# NTLMv2
# - similar to NTLMv1
# - but harder to crack
# - cannot be used for pass the hash attack since its
# time based challenge response
enterprise-security::VULNNET:8b856f99a4f56574:3A6E6B90770F93843A6165D65C6CFECB:0101000000000000805DD83722A8D701732DB60C452305CF0000000002000800330054004E00380001001E00570049004E002D003500570031004B0044003500500030004A003800560004003400570049004E002D003500570031004B0044003500500030004A00380056002E00330054004E0038002E004C004F00430041004C0003001400330054004E0038002E004C004F00430041004C0005001400330054004E0038002E004C004F00430041004C0007000800805DD83722A8D70106000400020000000800300030000000000000000000000000300000ED09696FFCBE70BE87097AB6EC544650C2EDD2CF2ADF7CA7ECAF5424D119C3C40A001000000000000000000000000000000000000900200063006900660073002F00310030002E00310031002E00340030002E00330033000000000000000000
- Based from HTB bastion, if LM hash starts with
aad3b
and NT hash starts with31d6
, that means both hashes are blank which most probably means Administrator account is disabled. - LM hash is normally blank out but not NT hash
- Cracking LM Hash Explanation
Bcrypt #
- Very hard to crack
- You may be able to crack it via [[Hashcat]] if you use a rule file
$2b$10$83pRYaR/d4ZWJVEex.lxu.Xs1a/TNDBWIUmB4z.R0DT0MSGIGzsgW
Apache MD5 #
$apr1$tbcm2uwv$UP1ylvgp4.zLKxWj8mc6y/
SHA1SUM #
- 40 characters
echo test | sha1sum
Other resources #
- Practical Usage of NTLM Hashes - ropnop blog
[LM, NTLM, Net-NTLMv2, oh my!. A Pentester’s Guide to Windows Hashes by Péter Gombos Medium](https://medium.com/@petergombos/lm-ntlm-net-ntlmv2-oh-my-a9b235c58ed4) - example_hashes hashcat wiki
- NTLM vs. NTLMv1/v2 a.ka. Net-NTLMv1/v2 · CTF2