Login

10-19-2020, 08:13 PM

10+ hours into this and I have tried nearly everything. Desperate for some help on this one.

$ uname -a
Linux kraken-office 4.15.0-122-generic #124-Ubuntu SMP Thu Oct 15 13:03:05 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

$ sudo python3 agent.zip
Starting client 's3-python-0.6.0.10'...
Collecting agent data...
Login successful!
Hashtopolis Server version: 0.12.0 ()
Client is up-to-date!

I have tried reconfiguring the task creation in every concievable way, but always get one of two errors:

ERROR 1: Use of --remove is not supported in native hashfile-format mode
ERROR 2: Getting of chunk failed: {'action': 'getChunk', 'response': 'ERROR', 'message': 'Agent is inactive!'}

$ --debug
CALL: ./hashcat.bin --machine-readable --quiet --status --restore-disable --session=hashtopolis --status-timer 10 --outfile-check-timer=10 --outfile-check-dir=../../hashlist_9 -o ../../hashlists/9.out --outfile-format=1,2,3,4 -p " " -s 0 -l 600 --potfile-disable --remove --remove-timer=10 ../../hashlists/9 ../../files/rockyou.txt -r ../../files/OneRuleToRuleThemAll.rule --hash-type=1000
started cracking

I also get "no task available" when there is indeed a task available

***s3in!c*** · 10-19-2020, 08:45 PM

Ok, I guess all the issues are related to one problem. How does your hashlist look like? Did you make sure that you only are attacking the hashes and nothing else is in the list?
And the second error you normally get, when the first error happened and hashtopolis deactivates the agent as a precaution because it errored and it you are supposed to tick it back active if you think issues are fixed.

10-19-2020, 08:53 PM

(10-19-2020, 08:45 PM)s3in!c Wrote: Ok, I guess all the issues are related to one problem. How does your hashlist look like? Did you make sure that you only are attacking the hashes and nothing else is in the list?
And the second error you normally get, when the first error happened and hashtopolis deactivates the agent as a precaution because it errored and it you are supposed to tick it back active if you think issues are fixed.

Thanks for the response.

My hashlist looks like this

domain.com\user1:1168:aad3b435b51404eeaad3b435b51404ee:75680401b1a039c09437c0b1971197c1:::
domain.com\user2:1174:aad3b435b51404eeaad3b435b51404ee:0fdc27a8e8b73c95748db7174318d7a4:::
domain.com\user3:1179:aad3b435b51404eeaad3b435b51404ee:45e5bcbfc3d7d4991bed71987269e1a2:::

Which is the output of an ntds dump. I used 1000 : NTLM
I also tried it with removing the domain. I also tried 5600 (pwdump) just for fun and in case, but it could not parse that.

Makes sense about the agent timeout on error.

Any other info that is helpful I will provide

***s3in!c*** · 10-19-2020, 09:29 PM

If you attack the NTLM hashes you need to explicitly extract them. To crack hashes, all the stuff around it, should not be there, your hashlist needs to look like

75680401b1a039c09437c0b1971197c1
0fdc27a8e8b73c95748db7174318d7a4
45e5bcbfc3d7d4991bed71987269e1a2

10-19-2020, 09:31 PM

(10-19-2020, 09:29 PM)s3in!c Wrote: If you attack the NTLM hashes you need to explicitly extract them. To crack hashes, all the stuff around it, should not be there, your hashlist needs to look like

75680401b1a039c09437c0b1971197c1
0fdc27a8e8b73c95748db7174318d7a4
45e5bcbfc3d7d4991bed71987269e1a2

Trying this now and will update you.

This begs the question, how to then correlate the hashes to the usernames?
Seems like I'd have to manually correlate which will ultimately cost me a lot of time

Is there any possible way to crack the output of a domain dump?

Extracting just the NTLM hash did work, but largely defeats the purpose of what I'm trying to accomplish here.
All of the cracked hashes are disassociated from their users

Login
Username:
Password:	Lost Password?
	Remember me