solutionz Posted July 22, 2017 Share Posted July 22, 2017 Greetings and salutations. New BashBunny user here. took QuikInterest in QuickCreds. I have some questions on hashing issues. if i grab a hash and it doesnt start with a username, i can never crack it, even when i use a 1 word dic :( .. For example, i can crack "BigJohn::BJsLaptop:918CDEBC6......." all day long. my problem is when i get dumps that look like this "BJsLaptop::BJsLaptop:918CDEBC6......." When the hostname is where the username is expected i cant do anything with that hash :(. I use hashcat on mining rigs, -a 5500 and -a 5600 is all i seem to need for windows. Also, i may get a failure (blinking red) or 2 when launching QC attack, but then it will pawn. Furthemore, some boxes, traps are never clean, sea of blinking amber for all eternity. Any insults or degredations appreciated, thank you. Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted July 23, 2017 Share Posted July 23, 2017 You may need to find a different way of grabbing the username, then appending it to the front of the hash with the PC name. Grab the hash, hostname and username separately and append them together with the "::" and ":" in the middles. I don't really know much about this hashing business but I can't think of a way to get QuickCreds working 100% of the time. It's just how it goes - every PC is different.. Quote Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted July 24, 2017 Share Posted July 24, 2017 Because the login name is used as part of the key for the hash. You need the login info, domain too if it was included. Hashes should always include the username they belong to when passed. Do not know why Quickcreds is not getting it. Quote Link to comment Share on other sites More sharing options...
solutionz Posted July 24, 2017 Author Share Posted July 24, 2017 trying to append username after hash has been captured is a no go. however, I appreciate your replies. Quote Link to comment Share on other sites More sharing options...
digip Posted July 24, 2017 Share Posted July 24, 2017 I don't know that the user name and server/workstation name make a difference other than parsing the file for results. The hash is the important part. Try John, see what it says about the hash. You can always edit the hash and just put "Workstation" in there and see what happens. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.