Nick Kwiecien Posted June 13, 2017 So I've successfully dumped NTLMv2 hashes from a locked PC and I am stuck on what you can do with them from there. With the new security updates regarding token-based filtering, trying to pass the hash or remote login without being a SID 500 is almost useless, and unless you have access to a decent-size GPU cluster, trying to crack NTLMv2 will also be a challenge. If someone can enlighten me on some ways to gain a foothold with those hashes, I'm all ears.
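The "token based filtering" mentioned in this post is the UAC remote-restriction behaviour for local accounts: by default a local administrator other than the built-in RID 500 account only gets a filtered token over the network, which is what blocks remote admin use of a captured local-admin credential. The following script is an added example for auditing a host for that setting; it is not code from the thread or from any tool named in it. It assumes Windows with PowerShell 5.1 or later (for Get-LocalUser) and read access to HKLM; the registry path and the value names LocalAccountTokenFilterPolicy and FilterAdministratorToken are the documented ones.

```powershell
# Added example (not from the thread): report whether UAC remote restrictions
# ("token filtering") still protect this host, and whether the one account
# they exempt by default (the built-in RID 500 Administrator) is enabled.
# Assumptions: Windows, PowerShell 5.1+, read access to HKLM.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-RemoteTokenFilterState {
    $props = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

    # LocalAccountTokenFilterPolicy: absent or 0 = remote restrictions ON (default);
    # 1 = restrictions disabled, so any local admin gets a full token remotely.
    $latfp = 0
    if ($null -ne $props -and $null -ne $props.LocalAccountTokenFilterPolicy) {
        $latfp = [int]$props.LocalAccountTokenFilterPolicy
    }

    # FilterAdministratorToken: absent or 0 = built-in Administrator is exempt
    # from filtering (default); 1 = Admin Approval Mode also applies to RID 500.
    $fat = 0
    if ($null -ne $props -and $null -ne $props.FilterAdministratorToken) {
        $fat = [int]$props.FilterAdministratorToken
    }

    # The built-in Administrator always has RID 500 in the machine SID, even if renamed.
    $builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    $builtinEnabled = [bool]$builtin.Enabled

    # Collect plain-language findings a hardening review would act on.
    $findings = @()
    if ($latfp -eq 1) {
        $findings += 'LocalAccountTokenFilterPolicy=1: every local admin can obtain a full token over the network.'
    }
    if ($builtinEnabled -and $fat -eq 0) {
        $findings += 'Built-in Administrator (RID 500) is enabled and exempt from token filtering.'
    }
    if ($findings.Count -eq 0) {
        $findings += 'Remote restrictions are in effect and RID 500 is disabled or filtered.'
    }

    [pscustomobject]@{
        RemoteRestrictionsEnabled = ($latfp -eq 0)
        BuiltinAdminFiltered      = ($fat -eq 1)
        BuiltinAdminName          = $builtin.Name
        BuiltinAdminEnabled       = $builtinEnabled
        Findings                  = $findings
    }
}

# Usage: run in an elevated or standard session; HKLM policy values are world-readable.
Get-RemoteTokenFilterState | Format-List
```

Run it on a host you administer; a result of RemoteRestrictionsEnabled = True with the built-in Administrator disabled (or filtered) is the configuration the first post describes as rendering a captured local-account credential nearly unusable for remote logon, and any finding to the contrary is the setting to correct.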
b0N3z Posted June 20, 2017 Run it through John the Ripper with a password list.
PoSHMagiC0de Posted June 21, 2017 Yeah, if you are trying to brute force incrementally with no wordlist base, it will take forever. I use Hashcat with my GPU using a wordlist and some of the rules Hashcat has. If the target is researched and I generate a wordlist for them, then I use dymerg to combine and unique a new wordlist using it and my default list. I have a pretty okay success rate, and most of the time I spend is with the biggest rule, but I believe it is only a few hours to exhaust. If that fails, then the only time I try again is if I have new words to add to the list. Mass brute force takes too long and is not feasible without a crackzilla.