Use ntlm.pw (by @lkarlslund) to automatically convert hash dumps to credentials
- Lookup cracked NTLM hashes straight from hashdump (hashcat format)
- Split cracked hashes into 2 separate files with
-s - Filter uncracked hashes with
-f - Import hashes directly from NetExec nxcdb with
-X
If this is a lab environment without any sensitive passwords, then sure.
Otherwise, read here
usage: NTLMCrack [-h] [-X [workspace]] [-s] [-n N] [-f] [file_path]
Use ntlm.pw to automatically convert hash dumps to credentials
positional arguments:
file_path Path to the file containing hash dumps
options:
-h, --help show this help message and exit
-X [workspace], --nxc [workspace]
Dump hashes from netexec. Will use currently selected workspace by default
-s, --separate-files Output credentials in separate files
-n N Limit to the first n lines of the file
-f, --filter-not-found
Filter hashes that can't be cracked
- With pipx:
pipx install git+https://github.com/Adamkadaban/NTLMCrackOutput to one file:
NTLMCrack example_hashes/hashes -n 100Output to separate files:
NTLMCrack example_hashes/hashes -n 100 -sFilter hashes that can't be cracked:
NTLMCrack example_hashes/hashes -fImport hashes from current NetExec workspace:
NTLMCrack -XImport hashes from specified NetExec workspace:
NTLMCrack -X GOAD