| Author |
NTLM Algorithm Confusion |
WetMackerel
Member

Posts: 7
Location:
Joined: 22.10.08 Rank: Monster |
|
As I understand it, NTLM isn't really a hash function, as it relies mainly on MD4. After searching around the internet, as I understand it, it is simply as follows: convert your string to hexadecimal, add 00 to the end of each character and then pass this new string into the MD4 algorithm. The problem is, once I have my hexadecimal string with added 00s, it does not result in the hash I expect, as I have previously calculated it using a website (I am certain it is working correctly). I am simply at a loss as to what to do with my hexadecimal string (with added 00s) to retrieve the NTLM hash. Any help would be greatly appreciated, and if I have missed something vital in the algorithm, please do tell me. Thank you.
P.S. I am certain the sites I used to convert to hexadecimal and to calculate MD4 hashes are working correctly. |
|
| Author |
RE: NTLM Algorithm Confusion |
shadowls
You Like this!

Posts: 836
Location: look behind you
Joined: 07.12.06 Rank: Godlike |
|
Man, I wish I could help you. But it is hard to understand what you're talking about.
If you think my posts are useful to you, please vote for them. Thank you.
knowledge is powerful itself - SHADOWLS
Made by:agentmax69, but remastered by: KvK
Respects:
Mr_cheese
system_meltdown
rex |
|
| Author |
RE: NTLM Algorithm Confusion |
spyware
Member

Posts: 4190
Location: The Netherlands
Joined: 14.04.07 Rank: God Warn Level: 90
|
|
I've just read the wiki pages on LM and NTLM, those two pages offer all the help you'll need.

"The chowner of property." - Zeph “Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.” - Carl Sagan “Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert |
|
| Author |
RE: NTLM Algorithm Confusion |
korg
Admin from hell

Posts: 1704
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06 Rank: The Master |
|
I'm kind of at a loss here myself as to what you are trying to do. You have the escaped string and you're converting it, but it's not what you calculated beforehand??? Give a little better description and details as to what you are trying to do when you post for help.
I deal in pain, All life I drain, I dominate, I seal your fate.
|
|
| Author |
RE: NTLM Algorithm Confusion |
WetMackerel
Member

Posts: 7
Location:
Joined: 22.10.08 Rank: Monster |
|
|
I do apologize for not making myself clear. I am looking to develop a function in C++ to calculate the NTLM hash of a given string, as I have searched the internet yet cannot find one. I used http://nediam.com.mx/winhashes/index.php to calculate the NTLM hash of "cheese", for example; the result is "208adb08381adab3032eedbd35399642". The problem is, after reading multiple articles on the process to get from "cheese" to the above hash, I am still confused. The algorithm I have derived from multiple sites is simply to convert the plain text to hexadecimal and then add 00 after each character. This gets me from "cheese" to "630068006500650073006500". Then put this value into the MD4 algorithm. I used http://www.brent0n.com/?page_id=103 to do this, yet the result is "0a09757d0c75ca9dade4eecd2270b812". I am simply confused as to what I did wrong and how I can get from "630068006500650073006500" to "208adb08381adab3032eedbd35399642". I hope that was clearer; thank you again. |
|
| Author |
RE: NTLM Algorithm Confusion |
AldarHawk
The Manager

Posts: 1663
Location: Canada
Joined: 26.01.06 Rank: God |
|
Which version of NTLM are you attempting to hit?
NTLMv1 is done this way
C = 8-byte server challenge, random
K1 | K2 | K3 = NT-Hash | 5-bytes-0
R1 = DES(K1,C) | DES(K2,C) | DES(K3,C)
K1 | K2 | K3 = LM-Hash | 5-bytes-0
R2 = DES(K1,C) | DES(K2,C) | DES(K3,C)
response = R1 | R2
NTLMv2 is done this way
CS = 8-byte server challenge, random
CC = 8-byte client challenge, random
CC* = (X, time, CC, domain name)
v2-Hash = HMAC-MD5(NT-Hash, user name, domain name)
LMv2 = HMAC-MD5(v2-Hash, CS, CC)
NTv2 = HMAC-MD5(v2-Hash, CS, CC*)
response = LMv2 | CC | NTv2 | CC*
or are you talking about LM hash?
The LM hash is computed as follows.
1. The user’s password as an OEM string is converted to uppercase.
2. This password is either null-padded or truncated to 14 bytes.
3. The “fixed-length” password is split into two 7-byte halves.
4. These values are used to create two DES keys, one from each 7-byte half, by converting the seven bytes into a bit stream, and inserting a zero bit after every seven bits. This generates the 64 bits needed for the DES key.
5. Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values.
6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.
If you are looking to crack the passwords try OphCrack 
|
|
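Worked example, added for this thread (it is not code from any poster, from the nediam calculator, or from the openwall page linked later). It covers the two things asked above: WetMackerel's question of how "cheese" becomes an NT hash, and AldarHawk's NTLMv2 formulas. The NT hash is MD4 over the password encoded as UTF-16LE, which is exactly the "add 00 after each character" byte string in the post above; the catch is that the MD4 has to run over those raw bytes (0x63 0x00 0x68 0x00 ...), not over the ASCII text "630068..." that you would paste into a web form. That mismatch is my reading of why the web tool gave a different answer, not something the thread confirms. MD4 is implemented inline so the script does not depend on OpenSSL still shipping an md4 provider. For the NTLMv2 part, the layout of AldarHawk's CC* blob (version bytes, timestamp, client challenge, target-info AV pairs) follows MS-NLMP; the test values in the main block (user "User", domain "Domain", password "Password", server challenge 0123456789abcdef, client challenge aa*8, time 0) are the published MS-NLMP vectors, not values from this thread.

```python
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 over raw bytes: pad, then three rounds of 16 steps per 64-byte block."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", (8 * len(data)) & 0xFFFFFFFFFFFFFFFF)  # bit length, little-endian

    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    # (round function, additive constant, message-word order, rotation amounts)
    rounds = (
        (F, 0x00000000, tuple(range(16)), (3, 7, 11, 19)),
        (G, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (H, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", bytes(msg[off:off + 64]))
        aa, bb, cc, dd = a, b, c, d
        for fn, k, order, shifts in rounds:
            for i, j in enumerate(order):
                a, b, c, d = d, _rotl((a + fn(b, c, d) + X[j] + k) & MASK32, shifts[i % 4]), b, c
        a, b, c, d = (a + aa) & MASK32, (b + bb) & MASK32, (c + cc) & MASK32, (d + dd) & MASK32
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> bytes:
    """NT hash as stored in the SAM: MD4 over the UTF-16LE bytes of the password
    (the 'letter, 00, letter, 00 ...' string from the thread, as bytes, not as hex text)."""
    return md4(password.encode("utf-16-le"))


def md4_of_hex_text(hex_text: str) -> bytes:
    """The pitfall: hashing the hex *text* '6300680065...' hashes the ASCII digits,
    so it can never equal the NT hash."""
    return md4(hex_text.encode("ascii"))


def ntowf_v2(password: str, user: str, domain: str) -> bytes:
    """AldarHawk's 'v2-Hash': HMAC-MD5 keyed with the NT hash over UPPER(user)+domain in UTF-16LE."""
    return hmac.new(nt_hash(password), (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def av_pairs(pairs) -> bytes:
    """Target-info list (MS-NLMP AV_PAIR): <id u16><byte length u16><UTF-16LE value>, then MsvAvEOL."""
    out = b""
    for av_id, value in pairs:
        v = value.encode("utf-16-le")
        out += struct.pack("<HH", av_id, len(v)) + v
    return out + struct.pack("<HH", 0, 0)


def ntlmv2_blob(timestamp: int, client_challenge: bytes, target_info: bytes) -> bytes:
    """AldarHawk's CC* = (X, time, CC, domain name), laid out as in MS-NLMP (assumed layout here)."""
    return (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + target_info + b"\x00" * 4)


def ntlmv2_responses(v2_hash: bytes, server_challenge: bytes, client_challenge: bytes, blob: bytes):
    """Returns (NTProofStr, NTv2 response, LMv2 response) per the formulas in the post above."""
    nt_proof = hmac.new(v2_hash, server_challenge + blob, hashlib.md5).digest()
    lm_proof = hmac.new(v2_hash, server_challenge + client_challenge, hashlib.md5).digest()
    return nt_proof, nt_proof + blob, lm_proof + client_challenge


if __name__ == "__main__":
    print("NT hash of 'cheese'    :", nt_hash("cheese").hex())
    print("MD4 of the hex as text :", md4_of_hex_text("630068006500650073006500").hex())
    # MS-NLMP test vector inputs (constructed here from the published values, not from this thread)
    v2 = ntowf_v2("Password", "User", "Domain")
    cc = bytes.fromhex("aa" * 8)
    blob = ntlmv2_blob(0, cc, av_pairs([(2, "Domain"), (1, "Server")]))
    nt_proof, nt_resp, lm_resp = ntlmv2_responses(v2, bytes.fromhex("0123456789abcdef"), cc, blob)
    print("NTOWFv2    :", v2.hex())
    print("NTProofStr :", nt_proof.hex())
    print("LMv2       :", lm_resp.hex())
```

Calling nt_hash("cheese") reproduces the value the nediam calculator gave in the post above, and md4_of_hex_text shows what you get by pasting the hex string into a generic MD4 form instead. The NTLMv2 half makes AldarHawk's point concrete: the NT hash is only the key for the HMACs, so the wire responses change with every challenge, while the stored NT hash itself is unsalted MD4 of the password.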
| Author |
RE: NTLM Algorithm Confusion |
WetMackerel
Member

Posts: 7
Location:
Joined: 22.10.08 Rank: Monster |
|
|
Thank you for your reply, but I am struggling to understand the method you described. If it helps, I simply wish to know how http://nediam.com.mx/winhashes/index.php converts plain text to the NT hash or how windows encodes user passwords to form the hash present in the SAM file. Thank you again. |
|
| Author |
RE: NTLM Algorithm Confusion |
korg
Admin from hell

Posts: 1704
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06 Rank: The Master |
|
The NTLM AldarHawk is describing is more the network protocol side of NTLM, as described here:
http://curl.haxx.se/rfc/ntlm.html
You're looking for the NT algorithm used in the SAM files. I pulled up some links to help you understand a little better:
http://courses.cit.cornell.edu/ece576/FinalProjects/f2008/tt236/tt236/high_level_design.html
http://technet.microsoft.com/en-us/library/cc875839.aspx
These should clarify things for you.
I deal in pain, All life I drain, I dominate, I seal your fate.
|
|
| Author |
RE: NTLM Algorithm Confusion |
WetMackerel
Member

Posts: 7
Location:
Joined: 22.10.08 Rank: Monster |
|
|
I worry I am not being completely clear. I have searched the internet more than enough, yet the algorithms described do not work for me. Rather than being redirected to more articles on the concept, I would love it if someone could simply go through the algorithm with me, getting from plain text to the hash. Please bear in mind I have located examples like that on the internet, yet they did not help; I am hoping you can. Thank you again. |
|
| Author |
RE: NTLM Algorithm Confusion |
WetMackerel
Member

Posts: 7
Location:
Joined: 22.10.08 Rank: Monster |
|
|
I thank you all greatly for your help but I eventually found some source on the internet which can convert any given string to the NT hash. |
|
| Author |
RE: NTLM Algorithm Confusion |
spyware
Member

Posts: 4190
Location: The Netherlands
Joined: 14.04.07 Rank: God Warn Level: 90
|
|
|
WetMackerel wrote:
I thank you all greatly for your help but I eventually found some source on the internet which can convert any given string to the NT hash.
Well, post the algorithm/link then!

"The chowner of property." - Zeph “Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.” - Carl Sagan “Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert |
|
| Author |
RE: NTLM Algorithm Confusion |
WetMackerel
Member

Posts: 7
Location:
Joined: 22.10.08 Rank: Monster |
|
Sorry, I wasn't sure if anyone would be interested.
http://openwall.info/wiki/john/NTLM |
|
| Author |
RE: NTLM Algorithm Confusion |
korg
Admin from hell

Posts: 1704
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06 Rank: The Master |
|
|
WetMackerel begged:
I would love if someone could simply go through the algorithm with me getting from plain text to the hash
You've read tons of links including the ones I posted and still didn't understand the algorithm. Well, I guess next time we'll just have to sit you on our lap and explain it to you. If you didn't get it from the links you'll never get it.
Also that code you found is incorrect.
I deal in pain, All life I drain, I dominate, I seal your fate.
|
|
| Author |
RE: NTLM Algorithm Confusion |
pigmanbear
Member
Posts: 64
Location:
Joined: 25.03.08 Rank: Active User |
|
|
Hey Korg, thanks for the link. |
|
| Author |
RE: NTLM Algorithm Confusion |
WetMackerel
Member

Posts: 7
Location:
Joined: 22.10.08 Rank: Monster |
|
|
If there is a problem with that code, I have not found it; it works completely fine for me, so perhaps you have made a mistake compiling it. Also, I did not ask to be patronized. I was simply asking for some of your help rather than you modeling a search engine and sending me to articles I have already read. |
|
| Author |
RE: NTLM Algorithm Confusion |
korg
Admin from hell

Posts: 1704
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06 Rank: The Master |
|
Meh, of course it compiles fine, but you don't get it; that's because you didn't write the code. Oh, and no, I was not patronizing you, I was simply stating a fact. You were given links as to how the algorithm works, but yet you couldn't write your own code for it. If you post in the forums we can help you but NOT give you answers. Use your brain and research.
EDIT: Spelling and fail on your part for using someone else's code.
I deal in pain, All life I drain, I dominate, I seal your fate.
Edited by korg on 09-02-09 03:54 |
|