GCIH · Question #668
What hash type is being cracked in the command below? hashcat -m 1000 -a 0 customer.ntds wordlist.txt --potfile-path ./hashcat.potfile
The correct answer is D. NT hashes. The hashcat mode -m 1000 specifically targets NTLM (NT) hashes, which are stored in the NTDS.dit file extracted from Active Directory.
Question
What hash type is being cracked in the command below? hashcat -m 1000 -a 0 customer.ntds wordlist.txt --potfile-path ./hashcat.potfile
Options
- ASHA-1
- BLANMAN
- CKerberos 5
- DNT hashes
How the community answered
(46 responses)- A7% (3)
- B4% (2)
- C2% (1)
- D87% (40)
Why each option
The hashcat mode -m 1000 specifically targets NTLM (NT) hashes, which are stored in the NTDS.dit file extracted from Active Directory.
SHA-1 hashes use hashcat mode 100, not mode 1000.
LANMAN (LM) hashes use hashcat mode 3000, not mode 1000.
Kerberos 5 tickets use different hashcat modes such as 7500 (AS-REQ etype 23) or 13100 (TGS-REP etype 23), not mode 1000.
Hashcat mode 1000 is defined as NTLM, which corresponds to the NT hash format stored in both the Windows SAM database and Active Directory's NTDS.dit file. The file 'customer.ntds' is a common naming convention for an extracted NTDS.dit dump containing these NT hashes. This mode targets the MD4-based NT hash format used by all modern Windows systems for local and domain account password storage.
Concept tested: Hashcat mode identification for NT hashes
Source: https://hashcat.net/wiki/doku.php?id=example_hashes
Topics
Community Discussion
No community discussion yet for this question.