QuickCreds .. sometimes yes, sometimes no :(

[solutionz]

Greetings and salutations. New BashBunny user here. took QuikInterest in QuickCreds. I have some questions on hashing issues. if i grab a hash and it doesnt start with a username, i can never crack it, even when i use a 1 word dic :( .. For example, i can crack "BigJohn::BJsLaptop:918CDEBC6......." all day long. my problem is when i get dumps that look like this "BJsLaptop::BJsLaptop:918CDEBC6......." When the hostname is where the username is expected i cant do anything with that hash :(. I use hashcat on mining rigs, -a 5500  and -a 5600 is all i seem to need for windows. Also, i may get a failure (blinking red) or 2 when launching QC attack, but then it will pawn. Furthemore, some boxes, traps are never clean, sea of blinking amber for all eternity. Any insults or degredations appreciated, thank you.

[Dave-ee Jones]

You may need to find a different way of grabbing the username, then appending it to the front of the hash with the PC name. Grab the hash, hostname and username separately and append them together with the "::" and ":" in the middles.

I don't really know much about this hashing business but I can't think of a way to get QuickCreds working 100% of the time. It's just how it goes - every PC is different..

[PoSHMagiC0de]

Because the login name is used as part of the key for the hash.  You need the login info, domain too if it was included.  Hashes should always include the username they belong to when passed.  Do not know why Quickcreds is not getting it.

[solutionz]

trying to append username after hash has been captured is a no go. however, I appreciate your replies.

[digip]

I don't know that the user name and server/workstation name make a difference other than parsing the file for results. The hash is the important part. Try John, see what it says about the hash. You can always edit the hash and just put "Workstation" in there and see what happens.