[bug] Unable to authenticate using a NT hash

[jsdhasfedssad]

Hi,

Thank you for this tool!

I am trying to authenticate using a NT hash but for unknown reasons I am unable to format my command in a way this tool accepts. I have tried different syntax but so far none works. Including the one that is outputted in the the error message (which does not make sence). What is the correct syntax? If this is a bug, perhaps Kerberos authentication should be verified as well.

[p0dalirius]

Hey @jsdhasfedssad,

Your NT hash (fc525c9683e8fe067095ba2ddc97188) is missing a character, it is only 31 characters long instead of 32. I've just tried with an NT hash on my end and it works fine.

./FindUncommonShares.py -u Administrator -H 520126a03f5d5a8d836f1c4f34ede7ce --domain DOMAIN.local --dc-ip 192.168.1.71 --check-user-access

Do not hesitate to open an issue if you encounter further problems,

Best regards,
Podalirius

[jsdhasfedssad]

You were right about the short hash. However, after correcting that I still have issues.

As you can see below authenticating to LDAP using the same account and NT hash to the same target using CrackMapExec works. Using the same account but using it's plaintext password in combination with FindUncommonShares works. But, using the same account and it's NT hash with FindUncommonShares fails.

[p0dalirius]

Yes I had that too I need to fix that

Please add a : in front of the hash for the moment, like this -H :fc525c9683e8fe067095ba2ddc97188d

[jsdhasfedssad]

Aha. Good. Now it works. Thanks!

I noticed you have the same issue with DumpSMBShare.py. Please fix this in that to.

[p0dalirius]

Good point, I will too

[jsdhasfedssad]

Hi again,

Today I cloned main in order to test this fix. Now authenticating using a NT hash works but using a plaintext password does not. The opposite to before the fix.

[p0dalirius]

Hi @jsdhasfedssad, I've fixed it :)