nerdexam
GIAC

GCIH · Question #720

An engineer is using Hashcat to brute force passwords from a file of hashes. How should the following hash be handled in the scenario? 0843c6lee36fcdebcfec3333e62fe187

The correct answer is D. The hash should be cracked as an NT hash. The hash '0843c6lee36fcdebcfec3333e62fe187' is 32 characters long and matches the NT (NTLM) hash format, which Hashcat should crack using mode 1000.

Vulnerability Exploitation & Privilege Escalation

Question

An engineer is using Hashcat to brute force passwords from a file of hashes. How should the following hash be handled in the scenario? 0843c6lee36fcdebcfec3333e62fe187

Options

  • AThe hash should be skipped
  • BThe hash should be cracked as a SHA256 hash
  • CThe hash should be decoded
  • DThe hash should be cracked as an NT hash

How the community answered

(57 responses)
  • A
    9% (5)
  • B
    14% (8)
  • C
    4% (2)
  • D
    74% (42)

Why each option

The hash '0843c6lee36fcdebcfec3333e62fe187' is 32 characters long and matches the NT (NTLM) hash format, which Hashcat should crack using mode 1000.

AThe hash should be skipped

Skipping is incorrect because the hash is a valid 32-character NT hash that Hashcat can process with the appropriate mode.

BThe hash should be cracked as a SHA256 hash

SHA-256 hashes produce 64-character hex strings, so a 32-character hash cannot be SHA-256.

CThe hash should be decoded

Hashes are one-way functions and cannot be decoded or reversed directly - they must be cracked by comparing candidate hashes.

DThe hash should be cracked as an NT hashCorrect

NT hashes (NTLM) are 32-character hexadecimal strings produced by applying MD4 to the UTF-16LE encoded password. The hash length and format here match NT hash output, making Hashcat mode 1000 the correct approach. Skipping or misidentifying the algorithm would prevent successful cracking.

Concept tested: Identifying NT hash format for password cracking

Source: https://hashcat.net/wiki/doku.php?id=example_hashes

Topics

#Hashcat#NT hash#password cracking#hash identification

Community Discussion

No community discussion yet for this question.

Full GCIH Practice