Elevant

Everything posted by Elevant

  1. Ahh, I see now. Did not think of looking for that. I guess the solution was easier than I thought. Thanks m8!
  2. I am not sure I understand how the null values would affect cracking this. To my knowledge, the server sends the challenge and the client responds with an NTLM challenge, part of which is that the client encrypts the server challenge with its password hash. So having the server challenge and the response should be enough to crack it, but I agree with you that there must be something more to it.
  3. Hey fellow haxors! So I went to this Boecore CTF the other day and there was this SMB challenge that I couldn't solve, and it bothers me. I grabbed the pcap file and have been trying to crack it. The SMB pcap file can be found here: https://files.fm/u/9y2urrne In the .pcap you can see someone connecting to an SMB share and using NTLMv2 authentication. It was hinted that weak authentication was used. So I extracted the hashes and constructed the following hash: alice::WORKGROUP:85b0128d82e3e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have tried to crack this with hashcat using rockyou and darkc0de wordlists but no luck. Does anybody have some ideas how to crack this? Am I looking in the wrong place, or do I just need a better wordlist? Since it is a CTF challenge, it can't be too sophisticated.