NTLM Algorithm Confusion

WetMackerel
Posted on 05-02-09 22:35
As I understand, NTLM isn't really a hash function as it relies mainly on MD4. After searching around the internet, as I understand it, it is simply as follows. Convert your string to hexadecimal, add 00 to the end of each character and then pass this new string into the MD4 algorithm. The problem is, once I have my hexadecimal string with added 00's, it does not result in the hash I expect as I have previously calculated it using a website (I am certain it is working correctly). I am simply at a loss at what to do with my hexadecimal string (with added 00's) to retrieve the NTLM hash. Any help would be greatly appreciated and if I have missed something vital in the algorithm, please do tell me, thank you.

P.S. I am certain the sites I used to convert to hexadecimal and to calculate MD4 hashes are working correctly.

RE: NTLM Algorithm Confusion

shadowls
Posted on 06-02-09 02:05
Man, I wish I can help you. But it is hard to understand what you're talking about.



RE: NTLM Algorithm Confusion

spyware
Posted on 06-02-09 02:17
I've just read the wiki pages on LM and NTLM, those two pages offer all the help you'll need.




RE: NTLM Algorithm Confusion

korg
Posted on 06-02-09 11:55
I'm kinda at a loss here myself as to what you are trying to do. You have the escaped string and you're converting it but it's not what you calculated beforehand??? Give a little better description and details as to what you are trying to do when you post for help.



RE: NTLM Algorithm Confusion

WetMackerel
Posted on 06-02-09 16:40
I do apologize for not making myself clear. I am looking to develop a function in C++ to calculate the NTLM hash of a given string, as I have searched the internet yet cannot find one. I used http://nediam.com.mx/winhashes/index.php to calculate the NTLM hash of "cheese" for example; the result is: "208adb08381adab3032eedbd35399642". The problem is after reading multiple articles on the process to get from "cheese" to the above hash, I am still confused. The algorithm I have derived from multiple sites is simply to convert the plain text to hexadecimal and then add 00 after each character. This gets me from "cheese" to "630068006500650073006500". Then put this value into the MD4 algorithm. I used http://www.brent0n.com/?page_id=103 to do this yet the result is "0a09757d0c75ca9dade4eecd2270b812". I am simply confused at what I did wrong and how I can get from "630068006500650073006500" to "208adb08381adab3032eedbd35399642". I hope that was clearer, thank you again.
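Added example (not part of the original post, and not the code linked later in the thread): the NT hash as the post describes it, MD4 over the password's UTF-16LE bytes, in C++ since that is what the poster asked for. The names md4_hex and nt_hash are chosen here, and ASCII-only passwords are assumed. main prints the NT hash of "cheese" next to the MD4 of the 24 hex digits hashed as text, which is what a text-input MD4 tool computes for that string and one possible cause of the mismatch described.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

static uint32_t rol(uint32_t x, int s) { return (x << s) | (x >> (32 - s)); }
// MD4 (RFC 1320) over raw bytes, returned as lowercase hex.
std::string md4_hex(const std::string& in) {
    std::vector<uint8_t> m(in.begin(), in.end());
    const uint64_t bits = (uint64_t)in.size() * 8;
    m.push_back(0x80);                          // padding: one 1 bit, then zeros
    while (m.size() % 64 != 56) m.push_back(0);
    for (int i = 0; i < 8; ++i) m.push_back((uint8_t)(bits >> (8 * i)));  // LE length
    static const int S[3][4] = {{3, 7, 11, 19}, {3, 5, 9, 13}, {3, 9, 11, 15}};
    static const int ORD[3][16] = {
        {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15},
        {0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15},
        {0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15}};
    static const uint32_t K[3] = {0, 0x5a827999, 0x6ed9eba1};
    uint32_t h[4] = {0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476};
    for (size_t off = 0; off < m.size(); off += 64) {
        const uint8_t* p = &m[off];
        uint32_t x[16], a = h[0], b = h[1], c = h[2], d = h[3];
        for (int i = 0; i < 16; ++i, p += 4)    // little-endian 32-bit words
            x[i] = p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
        for (int r = 0; r < 3; ++r)
            for (int i = 0; i < 16; ++i) {
                uint32_t f = r == 0 ? ((b & c) | (~b & d))
                           : r == 1 ? ((b & c) | (b & d) | (c & d)) : (b ^ c ^ d);
                uint32_t t = rol(a + f + x[ORD[r][i]] + K[r], S[r][i % 4]);
                a = d; d = c; c = b; b = t;
            }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d;
    }
    char out[33];
    for (int i = 0; i < 16; ++i)
        std::snprintf(out + 2 * i, 3, "%02x", (unsigned)((h[i / 4] >> (8 * (i % 4))) & 0xff));
    return std::string(out, 32);
}

// NT hash: MD4 over the UTF-16LE password (assumes ASCII input: byte, then 0x00).
std::string nt_hash(const std::string& ascii_pw) {
    std::string u;
    for (char ch : ascii_pw) { u += ch; u += '\0'; }
    return md4_hex(u);
}

int main() {  // NT hash of "cheese" vs. MD4 of the hex digits hashed as text
    std::printf("%s\n%s\n", nt_hash("cheese").c_str(), md4_hex("630068006500650073006500").c_str());
}
```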

RE: NTLM Algorithm Confusion

AldarHawk
Posted on 06-02-09 19:43
Which version of NTLM are you attempting to hit?

NTLMv1 is done this way

C = 8-byte server challenge, random
K1 | K2 | K3 = NT-Hash | 5-bytes-0
R1 = DES(K1,C) | DES(K2,C) | DES(K3,C)
K1 | K2 | K3 = LM-Hash | 5-bytes-0
R2 = DES(K1,C) | DES(K2,C) | DES(K3,C)
response = R1 | R2

NTLMv2 is done this way

CS = 8-byte server challenge, random
CC = 8-byte client challenge, random
CC* = (X, time, CC, domain name)
v2-Hash = HMAC-MD5(NT-Hash, user name, domain name)
LMv2 = HMAC-MD5(v2-Hash, CS, CC)
NTv2 = HMAC-MD5(v2-Hash, CS, CC*)
response = LMv2 | CC | NTv2 | CC*

or are you talking about LM hash?

The LM hash is computed as follows.
1. The user’s password as an OEM string is converted to uppercase.
2. This password is either null-padded or truncated to 14 bytes.
3. The “fixed-length” password is split into two 7-byte halves.
4. These values are used to create two DES keys, one from each 7-byte half, by converting the seven bytes into a bit stream, and inserting a zero bit after every seven bits. This generates the 64 bits needed for the DES key.
5. Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values.
6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.


If you are looking to crack the passwords try OphCrack ;)



RE: NTLM Algorithm Confusion

WetMackerel
Posted on 06-02-09 20:12
Thank you for your reply, but I am struggling to understand the method you described. If it helps, I simply wish to know how http://nediam.com.mx/winhashes/index.php converts plain text to the NT hash or how Windows encodes user passwords to form the hash present in the SAM file. Thank you again.

RE: NTLM Algorithm Confusion

korg
Posted on 06-02-09 21:51
The NTLM AldarHawk is describing is more of the network protocol of NTLM as described here:
http://curl.haxx.. . ./ntlm.html
You're looking for the NT algorithm in the SAM files. I pulled up some links to help you understand a little better:
http://courses.ci. . .esign.html
http://technet.mi. . .75839.aspx
These should clarify things for you.



RE: NTLM Algorithm Confusion

WetMackerel
Posted on 07-02-09 14:50
I worry I am not being completely clear. I have searched the internet more than enough yet the algorithms described do not work for me. Rather than being redirected to more articles on the concept, I would love if someone could simply go through the algorithm with me getting from plain text to the hash. Please bear in mind I have located examples like that on the internet yet they did not help, I am hoping you can, thank you again.

RE: NTLM Algorithm Confusion

WetMackerel
Posted on 07-02-09 16:08
I thank you all greatly for your help but I eventually found some source on the internet which can convert any given string to the NT hash.

RE: NTLM Algorithm Confusion

spyware
Posted on 07-02-09 16:49
WetMackerel wrote:
I thank you all greatly for your help but I eventually found some source on the internet which can convert any given string to the NT hash.


Well, post the algorithm/link then!




RE: NTLM Algorithm Confusion

WetMackerel
Posted on 07-02-09 18:15
Sorry, I wasn't sure if anyone would be interested.

http://openwall.i. . ./john/NTLM

RE: NTLM Algorithm Confusion

korg
Posted on 08-02-09 01:47
WetMackerel begged:
I would love if someone could simply go through the algorithm with me getting from plain text to the hash


You've read tons of links including the ones I posted and still didn't understand the algorithm. Well I guess next time we'll just have to sit you on our lap and explain it to you. If you didn't get it from the links you'll never get it.

Also that code you found is incorrect.



RE: NTLM Algorithm Confusion


Posted on 08-02-09 04:31
Hey Korg, thanks for the link.

RE: NTLM Algorithm Confusion

WetMackerel
Posted on 08-02-09 14:50
If there is a problem with that code, I have not found it, it works completely fine for me so perhaps you have made a mistake compiling it. Also, I did not ask to be patronized, I was simply asking for some of your help rather than you modeling a search engine and sending me to articles I have already read.

RE: NTLM Algorithm Confusion

korg
Posted on 09-02-09 03:37
meh, Of course it compiles fine but you don't get it, that's because you didn't write the code. Oh and yes I was not patronizing you I was simply making a fact. You were given links as to how the Algorithm works but yet you couldn't write your own code for it. If you post in the forums we can help you but NOT give you answers. Use your brain and Research.

EDIT: Spelling and fail on your part for using someone else's code.



Edited by korg on 09-02-09 03:54