GCIH · Question #675
What is the outcome of the command below? hashcat -m 3000 -a 3 ntds.dat --potfile-path ntds.potfile -1 ?u?d?s --increment ?1?1?1?1?1?1
The correct answer is B. Crack six digit LANMAN passwords. This hashcat command performs an incremental brute-force mask attack against LANMAN hashes, targeting passwords up to six characters using uppercase letters, digits, and special characters.
Question
What is the outcome of the command below? hashcat -m 3000 -a 3 ntds.dat --potfile-path ntds.potfile -1 ?u?d?s --increment ?1?1?1?1?1?1
Options
- AAdd new users from a potfile to a Windows Domain Controller
- BCrack six digit LANMAN passwords
- CRemove the encryption from the ntds.dat file
- DCreate a dictionary of 3000 usernames
How the community answered
(67 responses)- A22% (15)
- B64% (43)
- C4% (3)
- D9% (6)
Why each option
This hashcat command performs an incremental brute-force mask attack against LANMAN hashes, targeting passwords up to six characters using uppercase letters, digits, and special characters.
Hashcat is an offline password cracking tool that operates on extracted hash files and has no capability to add, modify, or interact with user accounts on a Windows Domain Controller.
The -m 3000 flag specifies LANMAN (LM) hash mode, which is the legacy Windows password algorithm that splits passwords into two 7-character chunks before hashing each separately. The -a 3 flag triggers mask attack mode, and the mask ?1?1?1?1?1?1 defines a six-character pattern using the custom charset -1 ?u?d?s (uppercase letters, digits, and special characters). The --increment flag causes hashcat to attempt all lengths from 1 through 6 characters, systematically cracking all LANMAN hashes with passwords up to six characters long.
Hashcat does not decrypt or remove encryption from database files - it performs offline hash cracking by comparing candidate hashes against extracted hash values already present in the target file.
The -m 3000 parameter specifies the hash algorithm type to attack rather than a count of usernames, and hashcat generates password candidates to recover plaintext credentials rather than building username lists.
Concept tested: Hashcat LANMAN hash cracking with mask attack
Source: https://hashcat.net/wiki/doku.php?id=hashcat
Topics
Community Discussion
No community discussion yet for this question.