Skip to content

Commit

Permalink
NetNTLM (vanilla + NT)
Browse files Browse the repository at this point in the history 
fix #92
  • Loading branch information
@noraj
noraj committed Dec 15, 2021
1 parent 2cd7ba1 commit df819a8
Show file tree
Hide file tree
Showing 2 changed files with 49 additions and 5 deletions.
45 changes: 40 additions & 5 deletions data/prototypes.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2352,24 +2352,59 @@
]
},
{
"regex": "^[^\\\\\\/:*?\"<>|]{1,20}[:]{2,3}([^\\\\\\/:*?\"<>|]{1,20})?:[a-f0-9]{48}:[a-f0-9]{48}:[a-f0-9]{16}$",
"regex": "^[^\\/:*?\"<>|]{0,60}::[^\\/:*?\"<>|]{0,45}:[a-f0-9]{0,48}:[a-f0-9]{48}:[a-f0-9]{16}$",
"modes": [
{
"john": "netntlm",
"john": "netntlm / netntlm-naive",
"hashcat": 5500,
"extended": false,
"name": "NetNTLMv1-VANILLA / NetNTLMv1+ESS"
"name": "NetNTLMv1 / NetNTLMv1+ESS (vanilla)",
"samples": [
"u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c",
"CORP\\Administrator:::25B2B477CE101D83648BB087CE7A1C217F51C7FC64C0EBB1:C8BD0C1630A9ECF7A95F494A8F0B2CB4A3F25B1225514304:1122334455667788",
"DOMAIN\\User:::c70e4fb229437ef300000000000000000000000000000000:abf7762caf2b1bbfc5cfc1f46665249f049e0af72ae5b5a9:24ca92fdab441aa4",
"ESS:::4765f360625700b000000000000000000000000000000000:81f5ecd8a77fe819f7f6689a08a27ac705fc2e1bb00cecb2:c75c20bff9baa71f"
]
},
{
"john": "netntlm / netntlm-naive",
"hashcat": 27000,
"extended": false,
"name": "NetNTLMv1 / NetNTLMv1+ESS (NT)",
"samples": [
"::5V4T:ada06359242920a500000000000000000000000000000000:0556d5297b5daa70eaffde82ef99293a3f3bb59b7c9704ea:9c23f6c094853920"
]
}
]
},
{
"regex": "^([^\\\\\\/:*?\"<>|]{1,20}\\\\)?[^\\\\\\/:*?\"<>|]{1,20}[:]{2,3}([^\\\\\\/:*?\"<>|]{1,20}:)?[^\\\\\\/:*?\"<>|]{1,20}:[a-f0-9]{32}:[a-f0-9]+$",
"regex": "^[^\\/:*?\"<>|]{0,60}::[^\\/:*?\"<>|]{0,45}:[a-f0-9]{16}:[a-f0-9]{32}:[a-f0-9]{2,1024}$",
"modes": [
{
"john": "netntlmv2",
"hashcat": 5600,
"extended": false,
"name": "NetNTLMv2"
"name": "NetNTLMv2 (vanilla)",
"samples": [
"admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030",
"ntlmv2test::WORKGROUP:1122334455667788:07659A550D5E9D02996DFD95C87EC1D5:0101000000000000006CF6385B74CA01B3610B02D99732DD000000000200120057004F0052004B00470052004F00550050000100200044004100540041002E00420049004E0043002D0053004500430055005200490000000000",
"USER1::Domain:1122334455667788:5E4AB1BF243DCA304A00ADEF78DC38DF:0101000000000000BB50305495AACA01338BC7B090A62856000000000200120057004F0052004B00470052004F00550050000000000000000000",
"TESTWORKGROUP\\NTlmv2:::1122334455667788:07659A550D5E9D02996DFD95C87EC1D5:0101000000000000006CF6385B74CA01B3610B02D99732DD000000000200120057004F0052004B00470052004F00550050000100200044004100540041002E00420049004E0043002D0053004500430055005200490000000000",
"NTlmv2::TESTWORKGROUP:1122334455667788:07659A550D5E9D02996DFD95C87EC1D5:0101000000000000006CF6385B74CA01B3610B02D99732DD000000000200120057004F0052004B00470052004F00550050000100200044004100540041002E00420049004E0043002D0053004500430055005200490000000000",
"TestUser::W2K3ADWIN7:1122334455667788:989B96DC6EAB529F72FCBA852C0D5719:01010000000000002EC51CEC91AACA0124576A744F198BDD000000000200120057004F0052004B00470052004F00550050000000000000000000",
"user::W2K3ADWIN7:1122334455667788:5BD1F32D8AFB4FB0DD0B77D7DE2FF7A9:0101000000000000309F56FE91AACA011B66A7051FA48148000000000200120057004F0052004B00470052004F00550050000000000000000000",
"W2K3ADWIN7\\user1:::1122334455667788:027EF88334DAA460144BDB678D4F988D:010100000000000092809B1192AACA01E01B519CB0248776000000000200120057004F0052004B00470052004F00550050000000000000000000",
"W2K3ADWIN7\\TEST_USER:::1122334455667788:A06EC5ED9F6DAFDCA90E316AF415BA71:010100000000000036D3A13292AACA01D2CD95757A0836F9000000000200120057004F0052004B00470052004F00550050000000000000000000"
]
},
{
"john": "netntlmv2",
"hashcat": 27100,
"extended": false,
"name": "NetNTLMv2 (NT)",
"samples": [
"0UL5G37JOI0SX::6VB1IS0KA74:ebe1afa18b7fbfa6:aab8bf8675658dd2a939458a1077ba08:010100000000000031c8aa092510945398b9f7b7dde1a9fb00000000f7876f2b04b700"
]
}
]
},
Expand Down
9 changes: 9 additions & 0 deletions docs/CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,14 @@
- SNMPv3 HMAC-SHA384-256
- SNMPv3 HMAC-SHA512-384
- Ruby on Rails Restful Auth (one round, no sitekey) [#91][#91]
- NetNTLM (NT) [#92][#92]
- NetNTLMv1 / NetNTLMv1+ESS (NT)
- NetNTLMv2 (NT)
- Enhancements:
- NetNTLM (vanilla)
- Better regexp
- Better description
- Add samples
- Chore:
- MFA required for gem release
- Better publishing documentation
Expand All @@ -33,6 +41,7 @@
[#89]:https://github.com/noraj/haiti/issues/89
[#88]:https://github.com/noraj/haiti/issues/88
[#91]:https://github.com/noraj/haiti/issues/91
[#92]:https://github.com/noraj/haiti/issues/92

## [1.2.2]

Expand Down

0 comments on commit df819a8

Please sign in to comment.