SemiAnonyAnon Posted January 19, 2017 Share Posted January 19, 2017 **IT Issue, not directly Turtle Related** Hi Guys, I'm loving the Turtle, however, I've been able to get everything working however, I'm having an issue. When I use QuickCreds, or configured Responder, I capture the NTLM hash fine, but when I go to process it in Hashcat, with the known account credentials in the password file, or a weak password that I know and brute force it, I never get the calculated plaintext. The hash is seen as correct, and viable within Hashcat, but it's not valid. This is the example NTLM from Hashcat, which works fine: admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030 (Processes to "hashcat") This is my capture with some details adjusted so that it remains private: REDACTED$::REDACTED:1122334455667788:REDACTEDFB7CBC971F7DEE1FREDACTED:0101000$ So why is this happening? The only thing I could think is that it's on a domain, (I've been given permission to this this, so don't worry) Thanks in advance. Quote Link to comment Share on other sites More sharing options...
SemiAnonyAnon Posted January 19, 2017 Author Share Posted January 19, 2017 Nevermind sorted it, didn't copy the whole file, my mistake. Quote Link to comment Share on other sites More sharing options...
Anakin078 Posted March 21, 2017 Share Posted March 21, 2017 Hi, I'm also researching the turtle. Could you please tell me a little more about the details? I used the Responder module, and tried to save log files in /tmp. The mod I chose is 9. I tried on my windows10 laptop, but I only found four *-session files in /overlay/etc/turtle/Responder/logs. I got no NTLM creds. Could you please tell me is there anything wrong? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.