Necessity is the mother of invention. Last month I created a new NTLM hash generator pentest tool to meet a specific need, and I’ve decided to share it. This will be the first of a two-part series. Stay tuned for part two of this blog that will release additional functionality for this NTLM hash generator tool!

The Basics on Hashing

Hashing is a one-way cryptographic function, and although hashing is often confused with encryption, they are in fact very different. Encryption is generally reversible, that is, as long as the encryption key is known the data can be decrypted. To determine the cleartext that produced a hash we have to first hash something, in this case passwords, and then compare that hash to the known hash. If they match, we know we have the correct password, otherwise we know our password guess is incorrect.

New Technology LAN Manager (NTLM) hashes are used for authentication “under the hood” in Microsoft Windows systems.

A New NTLM Hash Generator Pentest Tool is Born

I recently had the need for multiple different NTLM hash data sets to perform some analysis related to GPU-based NTLM hash cracking. I could have gone and searched for existing data sets that met the various criteria I wanted to use, but that likely would have involved a decent bit of spelunking git repositories to find exactly what I was looking for. Then once I’d found something that would have worked, I would have had to either trust that the unhashed strings that produced those hashes actually met my predefined criteria, or spend time cracking the hashes for confirmation. Rather than waste time trying to find or massage a data set to meet my needs, I wrote a Python3 NTLM hash generator that would do the trick.

NTLMme.py currently has three functions, though I have plans for more and will be adding additional functionality to the script soon! For now, though, my new NTLM hash generator tool has single mode, random mode, and input file mode, which will process properly formatted text files.

In single mode, a string can be provided as an argument with either the “-s” or “-single” flags. The script will hash the string and return it via stdout. Single mode is useful when you want to quickly obtain the NTLM hash of a specific string (password), maybe for use in a Pass-the-Hash (PtH) attack, simply to validate the hash of a password, to test the efficacy or likelihood of hash cracking techniques, or maybe even to search an NTDS.dit database for a known cleartext password.

In random mode, the script will generate as many random NTLM hashes as the user specifies. Random mode is called with the “-r” or “-randomhashes” flags followed by the number of hashes to produce. Random mode creates random 32-character hexadecimal strings. These hashes are truly random as the unhashed string is not known. Random mode is useful for quickly generating a large number of NTLM hashes that can then be used to stress test or tune the performance of your hash cracking rig.

Input file mode is called with the “-i” or “-inputfile” flags, followed by the path to the text file containing the strings to be hashed. The text file should contain one string per line without additional control characters. If incorrect hashes are being calculated, it is likely that the text file is not formatted correctly.