GCIH · Question #630
An engineer is using Hashcat to brute force passwords from a file of hashes. How should the following hash be handled in the scenario? aad3b435b51404eeaad3b435b51404ee
The correct answer is A. The hash should be skipped. The hash 'aad3b435b51404eeaad3b435b51404ee' is the well-known null LM hash, indicating an empty or disabled LM password entry, so Hashcat skips it rather than attempting to crack it.
Question
An engineer is using Hashcat to brute force passwords from a file of hashes. How should the following hash be handled in the scenario? aad3b435b51404eeaad3b435b51404ee
Options
- AThe hash should be skipped
- BThe hash should be cracked as a SHA-1 hash
- CThe hash should be decoded
- DThe hash should be cracked as an NT hash
How the community answered
(23 responses)- A78% (18)
- B13% (3)
- C4% (1)
- D4% (1)
Why each option
The hash 'aad3b435b51404eeaad3b435b51404ee' is the well-known null LM hash, indicating an empty or disabled LM password entry, so Hashcat skips it rather than attempting to crack it.
This specific 32-character value is the known null LAN Manager (LM) hash, produced when LM hashing is disabled or the password component is empty. Hashcat recognizes this sentinel value and skips it automatically because it does not represent a real password to recover - it is simply a placeholder indicating no LM credential exists.
SHA-1 hashes are 40 hexadecimal characters long, while this is a 32-character LM format hash, making SHA-1 identification technically incorrect.
Decoding applies to encoding schemes like Base64 or hex encoding of plaintext, but this is a cryptographic hash value and cannot be reversed by decoding.
NT hashes are also 32-character MD4-based values, but this specific string is the universally recognized null LM hash constant, not an NT hash, and attempting to crack it as one would be incorrect and unproductive.
Concept tested: Identifying null LM hash values in Hashcat
Source: https://learn.microsoft.com/en-us/windows-server/security/kerberos/passwords-technical-overview
Topics
Community Discussion
No community discussion yet for this question.