Jump to content
Hak5 Forums

QuickCreds / Responder NTLM Issue.

Recommended Posts

**IT Issue, not directly Turtle Related**


Hi Guys,

I'm loving the Turtle, however, I've been able to get everything working however, I'm having an issue.

When I use QuickCreds, or configured Responder, I capture the NTLM hash fine, but when I go to process it in Hashcat, with the known account credentials in the password file, or a weak password that I know and brute force it, I never get the calculated plaintext.

The hash is seen as correct, and viable within Hashcat, but it's not valid.

This is the example NTLM from Hashcat, which works fine:

admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030   (Processes to "hashcat")

This is my capture with some details adjusted so that it remains private:


So why is this happening? The only thing I could think is that it's on a domain, (I've been given permission to this this, so don't worry)


Thanks in advance.

Share this post

Link to post
Share on other sites

Hi, I'm also researching the turtle. Could you please tell me a little more about the details?

I used the Responder module, and tried to save log files in /tmp. The mod I chose is 9. I tried on my windows10 laptop, but I only found four *-session files in /overlay/etc/turtle/Responder/logs.  I got no NTLM creds.

Could you please tell me is there anything wrong?

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.