SemiAnonyAnon

QuickCreds / Responder NTLM Issue.

3 posts in this topic

**IT Issue, not directly Turtle Related**

 

Hi Guys,

I'm loving the Turtle, however, I've been able to get everything working however, I'm having an issue.

When I use QuickCreds, or configured Responder, I capture the NTLM hash fine, but when I go to process it in Hashcat, with the known account credentials in the password file, or a weak password that I know and brute force it, I never get the calculated plaintext.

The hash is seen as correct, and viable within Hashcat, but it's not valid.

This is the example NTLM from Hashcat, which works fine:

admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030   (Processes to "hashcat")

This is my capture with some details adjusted so that it remains private:

REDACTED$::REDACTED:1122334455667788:REDACTEDFB7CBC971F7DEE1FREDACTED:0101000$

So why is this happening? The only thing I could think is that it's on a domain, (I've been given permission to this this, so don't worry)

 

Thanks in advance.

0

Share this post


Link to post
Share on other sites

Hi, I'm also researching the turtle. Could you please tell me a little more about the details?

I used the Responder module, and tried to save log files in /tmp. The mod I chose is 9. I tried on my windows10 laptop, but I only found four *-session files in /overlay/etc/turtle/Responder/logs.  I got no NTLM creds.

Could you please tell me is there anything wrong?

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.