pierre Posted June 9, 2016 Share Posted June 9, 2016 (edited) Hello, I've dump hash on my XP VM and here is the output: user:1004:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c::: In Linux it is like on /etc/passwd with 7 fields: Username:Password:User ID :Group ID:User ID Info:Home directory:Command/shell Here we also have 7 fileds, but it like: Username:User ID :HASH:HASH::: Do you know what are the two hashes ? Edited June 9, 2016 by tot94 Quote Link to comment Share on other sites More sharing options...
cooper Posted June 9, 2016 Share Posted June 9, 2016 I wouldn't be at all surprised if one of them was the salt. Quote Link to comment Share on other sites More sharing options...
pierre Posted June 9, 2016 Author Share Posted June 9, 2016 I've been succeeding in cracking this hash:e52cac67419a9a224a3b108f3fa6cb6d -> PASSWORD, so it may be the users's password However, I don't succeed in this hash 8846f7eaee8fb117ad06bdd830b7586c.... so I don't what it should used for.. You think the 2nd is the salt ? I don't supposed so because I am on Windows XP system Quote Link to comment Share on other sites More sharing options...
pierre Posted June 9, 2016 Author Share Posted June 9, 2016 (edited) No I was misunderstanding I work on LM hash and a LM is composed in 2 hashes, so i've got to put both to decrypt them: :) Edited June 9, 2016 by tot94 Quote Link to comment Share on other sites More sharing options...
digininja Posted June 9, 2016 Share Posted June 9, 2016 The first is the lanman hash, the second the ntlm hash. Lanman is generally easier to crack because of the way the hash is generated. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.