{"id":232,"date":"2010-05-24T20:14:23","date_gmt":"2010-05-24T20:14:23","guid":{"rendered":"http:\/\/psyphi.net\/blog\/?p=232"},"modified":"2010-05-24T20:16:20","modified_gmt":"2010-05-24T20:16:20","slug":"generating-mscache-ntlm-hashes-using-perl","status":"publish","type":"post","link":"https:\/\/psyphi.net\/blog\/2010\/05\/generating-mscache-ntlm-hashes-using-perl\/","title":{"rendered":"Generating MSCACHE & NTLM hashes using Perl"},"content":{"rendered":"

I’ve been doing a lot of tinkering recently whilst working on the revised rainbowcracklimited.com<\/a> website. Naturally it uses Perl on the back end so I’ve had to find out how to make Windows-style hashes of various types using largely non-native means.<\/p>\n

On the whole I’ve been able to make good use of the wealth of CPAN modules – Digest::MD4<\/a>, Digest::MD5<\/a>, Digest::SHA<\/a> and Authen::Passphrase<\/a> but for one reason and another I’ve wanted to find out how to make NTLM and MSCACHE hashes “by-hand”. It turns out this is pretty easy:<\/p>\n

NTLM is just a MD4 digest of the password in Unicode, or to be specific utf16 2-byte characters + surrogates:<\/p>\n

perl -M\"Unicode::String latin1\" -M\"Digest::MD4 md4_hex\" -e 'print md4_hex(latin1(\"cheese\")->utf16le),\"\\n\"'<\/code><\/p>\n

MSCACHE is a little bit more fiddly as it also encodes the Unicode username as well:<\/p>\n

perl -M\"Unicode::String latin1\" -M\"Digest::MD4 md4_hex\" -e 'print md4_hex(latin1(\"cheese\")->utf16le . latin1(lc \"Administrator\")->utf16le),\"\\n\"'<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"

I’ve been doing a lot of tinkering recently whilst working on the revised rainbowcracklimited.com website. Naturally it uses Perl on the back end so I’ve had to find out how to make Windows-style hashes of various types using largely non-native means. On the whole I’ve been able to make good use of the wealth of … Continue reading “Generating MSCACHE & NTLM hashes using Perl”<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[11,17],"tags":[381,379,380,385,383,382,21,384],"class_list":["post-232","post","type-post","status-publish","format-standard","hentry","category-programming","category-sysadmin","tag-cracking","tag-hashes","tag-hashing","tag-mscache","tag-ntlm","tag-passwords","tag-perl","tag-unicode"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/psyphi.net\/blog\/wp-json\/wp\/v2\/posts\/232","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/psyphi.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/psyphi.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/psyphi.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/psyphi.net\/blog\/wp-json\/wp\/v2\/comments?post=232"}],"version-history":[{"count":5,"href":"https:\/\/psyphi.net\/blog\/wp-json\/wp\/v2\/posts\/232\/revisions"}],"predecessor-version":[{"id":237,"href":"https:\/\/psyphi.net\/blog\/wp-json\/wp\/v2\/posts\/232\/revisions\/237"}],"wp:attachment":[{"href":"https:\/\/psyphi.net\/blog\/wp-json\/wp\/v2\/media?parent=232"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/psyphi.net\/blog\/wp-json\/wp\/v2\/categories?post=232"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/psyphi.net\/blog\/wp-json\/wp\/v2\/tags?post=232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}