Hey fellow haxors!
So I went to this Boecore CTF the other day and there was this SMB challenge that I couldn't solve and it bothers me. I grabbed the pcap file and having been trying to crack it. The SMB pcap file can be found here. https://files.fm/u/9y2urrne
In the .pcap you can see someone connecting to a SMB share and using NTLMv2 authentication. It was hinted that weak authentication was used. So I extracted the hashes and constructed the following hash:
alice::WORKGROUP:85b0128d82e3e115:014E8558E4FCA12FFA3BC61C343CD2C5:0101000000000000078FD032B8B8D201BCE1291B57213FCC00000000020016004D0053004500440047004500570049004E0031003000010016004D0053004500440047004500570049004E0031003000040016004D0053004500440047004500570049004E0031003000030016004D0053004500440047004500570049004E003100300007000800078FD032B8B8D2010600040002000000080030003000000000000000000000000000000076B67B136D3A6BAB88BE1C2FBC2CA4D2E4678A89DE1D404D79C218AFB77937A40A001000000000000000000000000000000000000900220063006900660073002F003100390032002E003100360038002E0031002E003200360000000000
I have tried to crack this with hashcat using rockyou and darkc0de wordlists but no luck. Does anybody have some ideas how to crack this? Am I looking at the wrong place or I just need a better wordlist? Since it is a CTF challenge, it can't to be too sophisticated.