
Nick Kwiecien


So I've successfully dumped NTLMv2 hashes from a locked PC and I am stuck on what you can do with them from there. With the new security updates regarding token-based filtering, trying to pass the hash or remote login without being a SID 500 is almost useless, and unless you have access to a decent-size GPU cluster, trying to crack NTLMv2 will also be a challenge. If someone can enlighten me on some ways to gain a foothold with those hashes, I'm all ears.


Yeah, if you are trying to brute force incrementally with no wordlist base, it will take forever. I use Hashcat with my GPU using a wordlist and some of the rules Hashcat has. If the target is researched and I generate a wordlist for them, then I use dymerge to combine and unique it with my default list into a new wordlist to use. I have a pretty okay success rate, and most of the time I spend is with the biggest rule, but I believe it only takes a few hours to exhaust. If that fails, the only time I try again is when I have new words to add to the list. Mass brute force takes too long and is not feasible without a crackzilla.
