We captured an NTLMv2 hash and we want to crack it.
hashcat --help | grep NTLM
The output shows that the mode value for NTLMv2 is 5600,
which means our hashcat command should be:
hashcat -m 5600 hashes.txt rockyou.txt -O
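A pre-flight check for hashes.txt before running the command above, as an added example that is not part of the original notes. It assumes the usual NetNTLMv2 line layout for mode 5600 (user::domain:challenge:NTProofStr:blob); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): check that each line of a hash
# file has the NetNTLMv2 layout assumed here for hashcat mode 5600:
#   user::domain:server_challenge(16 hex):NTProofStr(32 hex):blob(hex)

# Print "ok" or the reason a single line is rejected.
check_ntlmv2_line() {
  printf '%s\n' "$1" | awk -F: '
    /\r$/    { print "CRLF line ending"; next }
    NF != 6  { print "bad field count: " NF; next }
    $1 == "" { print "empty user name"; next }
    $2 != "" { print "expected user::domain (empty second field)"; next }
    length($4) != 16 || $4 !~ /^[0-9A-Fa-f]+$/ { print "server challenge must be 16 hex chars"; next }
    length($5) != 32 || $5 !~ /^[0-9A-Fa-f]+$/ { print "NTProofStr must be 32 hex chars"; next }
    length($6) % 2  || $6 !~ /^[0-9A-Fa-f]+$/  { print "blob must be even-length hex"; next }
    { print "ok" }'
}

# Print "<valid> <invalid>" for a file; per-line reasons go to stderr.
check_hash_file() (
  valid=0; invalid=0; n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    [ -z "$line" ] && continue
    reason=$(check_ntlmv2_line "$line")
    if [ "$reason" = ok ]; then
      valid=$((valid + 1))
    else
      invalid=$((invalid + 1))
      echo "line $n: $reason" >&2
    fi
  done < "$1"
  echo "$valid $invalid"
)

# Constructed sample input (dummy values, not real captures).
sample=$(mktemp)
cat > "$sample" <<'EOF'
jdoe::CORP:1122334455667788:00112233445566778899AABBCCDDEEFF:0101000000000000AABBCCDD
jdoe::CORP:1122334455667788:0011223344556677:0101
jdoe:CORP:1122334455667788
EOF
check_hash_file "$sample"
rm -f "$sample"
```

Lines that fail here are the ones that would otherwise be skipped or rejected when the file is loaded, so fix or remove them first.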
We can also use the hashcat wiki to look up modules:
To show the password if you have already cracked the hash:
hashcat -m 5600 hashes.txt rockyou.txt --show
A better password list:
rockyou2021 (90 GB)
Rules:
hashcat -m 5600 hashes.txt rockyou.txt -r OneRule
Smart things to think about:
If the company is in or near Pittsburgh, maybe try passwords related to the Pittsburgh football team!