
Password Cracking – What is a password hash?


All computers hash passwords as a security measure, to prevent them from being stored on the computer in plain text. There are many “hashes” or hashing algorithms, which are like different languages. You need to know the hashing algorithm in order to crack the password, just as you need to know the language in order to translate a document.

Hash Killer will hash your passwords and salts in real time, so that you can see how they change (great for just LM or NTLM hashes). So let's see this happen in real time.

Windows and Security – two terms seldom found in the same sentence!

Step 1 – Select a password

  • Enter the password – e.g. “password”
  • Enter a salt – this is used to make the password harder to crack.
  • Enter the captcha

or use TobTu tob

Step 2 – Get the hashed results of the password

Hash Killer will show the hashes for several hashing algorithms. Kali Linux uses SHA512.

The last hashing algorithms reveal combinations of passwords and salts, e.g. MD5(Password, Salt) or MD5(Salt, Password).

Windows stopped using LM hashing, as it was too weak. There were fatal flaws in the design of the LM hash:

  • It will only accept a maximum of 14 characters. So a password was restricted to 14 characters or less.
  • Next it converted all lowercase characters into uppercase characters. (groans – as this makes cracking much easier).
  • Then it null pads shorter passwords to 14 bytes.
  • Alas, LM splits the original password into 2 halves of 7 characters each, and hashes each half separately.
  • As you will know by now, the shorter the password, the faster it is to crack; in addition, desktops are capable of cracking 7-character passwords.

Windows replaced the LM hash with NTLM. There are 2 NTLM versions; currently NTLM v2 is used. However, here comes the next fatal flaw: many Windows operating systems offer backwards compatibility with LM hashes for legacy systems. This leads us to the next security flaw.

Step 3 – LM Hashes are created in stealth

The LM-based hashes can be cracked with SSD-based tables in about 5 seconds. The NTLM version of the password hash is more secure and can take significant time to crack. The solution then is simple: disable LM password hashing.

Sounds simple doesn’t it? Well, the problem is, it doesn’t work. Even when you tell Windows to not store the less secure LM hash of the password, it still does.

Mike Pilkington posted an exceptional article today on this at the SANS Computer Forensics Blog. In his article, “Protecting Privileged Domain Accounts: LM Hashes — The Good, the Bad, and the Ugly”, Mike shows that even when Windows policy is set to disable LM hashes, the hashes are still created!

The interesting thing is that the lower security hashes are not present on the SAM stored on the hard drive. But when the security accounts are loaded into active RAM, Windows re-creates the LM hashes!

According to Mike’s article, the LM Hash can be pulled from active RAM using the Windows Credential Editor (WCE).

What is the solution then? Make your passwords at least 15 characters! The LM hash only supports passwords of 14 characters or less, so if your password is over 14 characters, Windows cannot create the less secure hash.
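The LM preprocessing steps listed under Step 2 and the 15-character rule above, worked through as an added example that is not part of the original post. It models only the uppercase, pad and split steps (not the final hashing of each half), assumes printable-ASCII passwords, and the function names and sample passwords are made up for illustration.

```python
import math

PRINTABLE = 95             # assumption: passwords drawn from printable ASCII
LM_ALPHABET = 95 - 26      # lowercase folds to uppercase, leaving 69 symbols


def lm_halves(password: str):
    """Return the two 7-byte blocks LM would hash separately, or None when
    the password is longer than 14 characters and LM cannot represent it."""
    if not password.isascii():
        raise ValueError("this sketch assumes ASCII-only passwords")
    raw = password.upper().encode("ascii")      # case information is discarded
    if len(raw) > 14:
        return None                             # 15+ characters: no LM hash
    padded = raw.ljust(14, b"\x00")             # null-pad to 14 bytes
    return padded[:7], padded[7:]               # each half is hashed on its own


def worst_case_bits(password: str) -> float:
    """log2 of the guesses needed to exhaust the weakest available search space."""
    if lm_halves(password) is None:
        # Only the full-length, case-sensitive password can be searched.
        return len(password) * math.log2(PRINTABLE)
    # Two independent 7-character searches: the cost adds instead of multiplying.
    return math.log2(2 * LM_ALPHABET ** 7)


if __name__ == "__main__":
    # Constructed sample passwords of 8, 14 and 21 characters.
    for pw in ("password", "Tr0ub4dor&3xyz", "correct horse battery"):
        print(repr(pw), lm_halves(pw), round(worst_case_bits(pw), 1))
```

Any password of 14 characters or fewer tops out at roughly 44 bits of search effort through its LM halves, while the 15-character threshold removes that shortcut entirely.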

