solved Hash format for Quckcreds

[kaiserninja]

What format are the hashes created in the loot folder? Do I need to convert them to another format for cracking? I lifted my hashes from my windows machine and am trying to use John the ripper to crack it and it says no "passwd hashes loaded". 

Edited March 10, 2017 by kaiserninja
problem solved

[WatskeBart]

49 minutes ago, kaiserninja said:

What format are the hashes created in the loot folder? Do I need to convert them to another format for cracking? I lifted my hashes from my windows machine and am trying to use John the ripper to crack it and it says no "passwd hashes loaded". 

Look what @Cpt.Pickles posted here. This site tells it all.

[kaiserninja]

I found out that my problem was that I was using John the Ripper standard version which can't read the NTLMv2 Hash. You must have the John the Ripper Jumbo version. I could not get it to compile on Ubuntu 16 because of libopenssl being broken but I am a mac user and found a precompiled version of it here http://download.openwall.net/pub/projects/john/contrib/macosx/

On a mac just download this folder and navigate to the /run directory and run the command. No need to compile anything. 

./john --format=netntlmv2 "your_hashfile_here.txt"

and it will brute force it. Cracked my 4 letter hash I pulled from the bashbunny in about 10 seconds. You could also point it to a dictionary file by appending that to the end of the command like so:

./john --format=netntlmv2 "your_hashfile_here.txt" "your_dictionary_file.txt"

If someone has an idea on how to install john the ripper jumbo on Ubuntu that might be helpful to some people here who don't have mac. Also I couldn't use hash cat because it uses the gpu and my laptop has an onboard intel unsupported chip. 

Hope this helps!

[azzarin]

I tried this yesterday using hashcat. I would recommend you do to. It's fast and easy, lots of support too.