
GCIH · Question #720

GCIH Question #720: Real Exam Question with Answer & Explanation

The correct answer is D: The hash should be cracked as an NT hash. The hash '0843c6lee36fcdebcfec3333e62fe187' is 32 characters long and matches the NT (NTLM) hash format, which Hashcat should crack using mode 1000.

Vulnerability Exploitation & Privilege Escalation

Question

An engineer is using Hashcat to brute force passwords from a file of hashes. How should the following hash be handled in the scenario? 0843c6lee36fcdebcfec3333e62fe187

Options

  • A. The hash should be skipped
  • B. The hash should be cracked as a SHA256 hash
  • C. The hash should be decoded
  • D. The hash should be cracked as an NT hash

Explanation

The hash '0843c6lee36fcdebcfec3333e62fe187' is 32 characters long and matches the NT (NTLM) hash format, which Hashcat should crack using mode 1000.

Common mistakes.

  • A. Skipping is incorrect because the hash is a valid 32-character NT hash that Hashcat can process with the appropriate mode.
  • B. SHA-256 hashes produce 64-character hex strings, so a 32-character hash cannot be SHA-256.
  • C. Hashes are one-way functions and cannot be decoded or reversed directly - they must be cracked by comparing candidate hashes.

Concept tested. Identifying NT hash format for password cracking

Reference. https://hashcat.net/wiki/doku.php?id=example_hashes

Topics

#Hashcat #NT hash #password cracking #hash identification
