Lm Hash Decrypter Online

Posted : admin | On 23-04-2021

Ntlm is often used to encrypt Windows users passwords. It's the new 'version' of LM, which was the old encryption system used for Windows passwords. This website allows you to decrypt, if you're lucky, your ntlm hashes, and give you the corresponding plaintext. John -format=LM d: hash.txt. It will start cracking your Windows password. In my example, you can clearly see that John the Ripper has cracked the password within matter of seconds. John the Ripper is probably the world’s best known password cracking tool. But its lack of a GUI interface makes a bit more challenging to use.

Sha1 Hash Decrypter
Ufd2 Hash Decrypter
Ufd2 Decrypter Free Online
Md5 Hash Decrypter Online
Sha256 Decrypter Online
Lm Hash Decrypter online, free

Contents

2 Old Style Hash Retrieval
3 New Style Hash Retrieval

Abstract

Password are stored on hard drives in something called “Registry Files”. Physically they can be found on places like C:WindowsSystem32config in files like ‘SAM’ and ‘SYSTEM’.

They are, of course, not stored in clear text but rather in “hashed” form and for all recent Windows versions, using the NTLM proprietary (but known) hashing algorithm.
However, even the hashes are not stored “as is“, they are actually found Double Encrypted within the SAM Registry Hive, with parts of the encryption keys in the SYSTEM Registry Hive.

This article will try to explain exactly and in great detail how these hashes can be fully retrieved.
It will also discuss the changes that are made in the Windows 10 Anniversary Update (10.0.14393 or v1607). Here Microsoft decided to kick out RC4 encryption in favor of AES encryption (AES-128-CBC with an IV).
This article will only focus on NTLM hashes, not LM.

Everything below is based on personal research and reading papers, books and a lot of different scripts or programs.
The latter include Mimikatz and Powerdump of which only the first one supports AES encrypted hashes.
Since the finalization of my research, I also learned of the existence of CredDump7. CredDump7 also supports AES but not for all systems (see Corner Cases) and focuses on a different use case: it only supports extraction from SAM & SYSTEM dump files.

Note: Many of the terminology I use in this article is by my own choice and could potentially be wrong. A lot of literature differ in the terminology they use and actually use different terms to specify the same things…

Old Style Hash Retrieval

Only four things are needed from the “Target PC” to retrieve any given (local) user hash:

There' a pretty good Microsoft KB article on this exact subject. Basically, LM is used for compatibility with older clients. Specifically, Windows 98 and below. If you do not have any older clients on the network, then the cause for both hashes is most likely due to the password length being. Then I was going to use john the ripper to decipher hashes but it said: Warning: detected hash type 'LM', but the string is also recognized as 'NT' Use the '-format=NT' option to force loading these as that type instead Warning: detected hash type 'LM', but the string is also recognized as 'NT-old' Use the '-format=NT-old' option to force.

The User RID or Runtime Identifier
- For the builtin Administrator this is always ‘500’ (0x1f4), whereas normal users start at ‘1001’ (0x3e9) and increment from there
The Registry HEX Value found at HKLMSAMSAMDomainsAccountUsers000001F4 in the “V” value
- Where “V” means Variable in size and thus uses an “Offset” + “Length” system
- Requires “System” privileges to be extracted and/or seen (Admin is not enough)
The Registry HEX Value found at HKLMSAMSAMDomainsAccount in the “F” value
- Where “F” means Fixed in size and only requires knowledge of the fixed offsets
- Requires “System” privileges to be extracted and/or seen (admin privs are not enough)
The Class Names of 4 Registry Keys: HKLMSystemCurrentControlSetControlLsa{JD,Skew1,GBG,Data}
- These are not values of some sort and are actually not visible in the regedit GUI
- To get these values, the keys need to be exported as Text (txt)

These things, combined with some static values as below are the only “input” things that are needed.
!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%
0123456789012345678901234567890123456789
NTPASSWORD
ShiftArray1 = [8,5,4,2,11,9,13,3,0,6,1,12,14,10,15,7]
ShiftArray2 = [0,1,2,3,0,1,2]
ShiftArray3 = [3,0,1,2,3,0,1]

Step By Step Example: old NTLM Hash Retrieval (RC4 Cipher)

–> For the entire article, the demo user is the built in Administrator with RID 500, also visible as ‘0x000001f4’ or (in code) known as ‘f4010000’. The stored password is ‘123456’

There are three different encryptions taking place: DES of the Hash (split in two), RC4 of the DES Encrypted Hash and RC4 for the SysKey. The RC4 keys are actually MD5 Hashes.

Retrieving the Double Encrypted Hash (DES(RC4(NTLMHASH)))
- Hash length at V[0xAC]: if this is 0x14 –> RC4 Hash, if this is 0x38 –> AES Hash,
  if this is some other length –> User has no NTLM password/hash
- The hash itself starts at V[0xA8+0xCC] and always has a length of 16 bytes
- Note: It seems that, although all literature states that at “V[0xAC]” the hash length is specified.
  It actually always seems to be 16 bytes in length. (e.g. here the next 4 bytes would be ‘03000100’)
- Double Encrypted NTLM Hash example: d4442d6644edae736d4f3dfb8ff04f0f (16 bytes)
The RC4 Key to decrypt the Double Encrypted Hash is derived from the “SysKey”, which is in itself also RC4 encrypted. This step will extract the Encrypted SysKey
- F[0x80] = 97700b19ab0fa48f3f5fed8ed046c680 (16 bytes)
The Encrypted SysKey needs to be decrypted, to built the RC4 decryption key, we need the Bootkey.
This Bootkey is calculated by reordering the 4 Class Names from JD, Skew1, GBG and Data
- JD + Skew1 + GBG + Data = 5d5991a3486c05965af833413f2cceb9
- Reorder using ShiftArray1 [8,5,4,2,11,9,13,3,0,6,1,12,14,10,15,7] =
- Bootkey = 5a6c489141f82ca35d05593fce33b996 (16 bytes)
Next up is building the SysKey RC4 Encryption Key. Four values are needed:
- F[0x70] = 70a7884da3fa7f816cbd324e7ac3996f (16 bytes)
- String1 ‘!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%‘
- Bootkey from (3.): 5a6c489141f82ca35d05593fce33b996 (16 bytes)
- String2 ‘0123456789012345678901234567890123456789‘
- These 4 values are put together and hashed using MD5(F[0x70] + String1 + Bootkey + String2)
- Resulting MD5 and SysKey RC4 Encryption Key = d6ec4ecfb9850063cecf65d1f77efe96 (16 bytes)
RC4 decrypting the Encrypted SysKey from (2.) with the Key from (4.)
- RC4Decrypt 97700b19ab0fa48f3f5fed8ed046c680
  with Key d6ec4ecfb9850063cecf65d1f77efe96
- Decrypted SysKey = afe7e35df020b79484a1c49440f90f18 (16 bytes)
To Decrypt the Double Encrypted NTLM hash, the RC4 Key has to be calculated. Three values are needed:
- SysKey from (5.): afe7e35df020b79484a1c49440f90f18 (16 bytes)
- RID of the user: f4010000
- String ‘NTPASSWORD‘
- These 3 values are put together and hashed using MD5(SysKey + RID + String)
- Resulting MD5 and RC4 Key for the Double Encrypted NTLM Hash = 76f1327b198c0731ae2611dab42716ea (16 bytes)
RC4 decrypting the Double Encrypted NTLM hash from (1.) with the Key from (6.)
- RC4Decrypt d4442d6644edae736d4f3dfb8ff04f0f with Key 76f1327b198c0731ae2611dab42716ea
- Encrypted NTLM Hash = a291d14b768a6ac455a0ab9d376d8551 (16 bytes)
The Encrypted NTLM is cut in two and each part is DES encrypted, the DES keys are derived from the RID
- RID = f4010000 (4 bytes)
- DES SOURCE 1 reorder using ShiftArray2 [0,1,2,3,0,1,2] = f4010000f40100 (7 bytes)
- DES SOURCE 2 reorder using ShiftArray3 [3,0,1,2,3,0,1] = 00f4010000f401 (7 bytes)
- 7 bytes needs to become 8 bytes using an algorithm plus Odd Parity (Always odd number of ‘ones’):
- DESKEY1 = f40140010ea10401 (8 bytes)
- DESKEY2 = 017a01200107d002 (8 bytes)
- Note that the only source for these keys is the RID, therefor every Administrator account has the same DESKEYs
Finally cut the Encrypted NTLM hash from (7.) in two and decrypt each part with the DES keys from (8.):
- NTLM Hash part 1 = a291d14b768a6ac4 with DESKEY f40140010ea10401 = 32ed87bdb5fdc5e9 (8 bytes)
- NTLM Hash part 2 = 55a0ab9d376d8551 with DESKEY 017a01200107d002 = cba88547376818d4 (8 bytes)
- Putting these two halves together gives us 32ed87bdb5fdc5e9cba88547376818d4 (16 bytes) which is the hash for password ‘123456’

New Style Hash Retrieval

Sha1 Hash Decrypter

Since July 2016 (Windows 10 v1607), hashes are no longer encrypted with RC4 but are using an AES Cipher. Also all usage of “MD5” is gone.

Watch out: there are subtle differences: In case Windows is installed as a pre v1607 version, all passwords are stored in RC4 format. After an update to v1607, they remain stored in RC4 format until one updates his password. However: even after updating and changing the passwords, the SysKey encryption remains in RC4 format.

This step-by-step only applies to Windows systems that where installed as a post v1607 version. The NTLM hashing algorithm remains the same, so the resulting hash will still be 32ed87bdb5fdc5e9cba88547376818d4 (or ‘123456’ in plain text).

In this case, static strings such as ‘NTPASSWORD’ or ‘!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%’ or no longer used. The entire process is slightly simplified but remains roughly the same. This means only these static “values” need to be known:

ShiftArray1 = [8,5,4,2,11,9,13,3,0,6,1,12,14,10,15,7]
ShiftArray2 = [0,1,2,3,0,1,2]
ShiftArray3 = [3,0,1,2,3,0,1]

Step By Step Example: new NTLM Hash Retrieval (AES Cipher)

There are three different encryptions taking place: DES of the Hash (split in two), AES of the DES Encrypted Hash and AES for the SysKey. The Encryption scheme used is the AES-128-CBC cipher. This means 128bit (or 16byte) keys are required together with a 16 byte Initial Vector (or IV).

Retrieving the Double Encrypted Hash (DES(AES(NTLMHASH)))
- Hash length at V[0xAC]: if this is 0x14 –> RC4 Hash, if this is 0x38 –> AES Hash,
  if this is some other length –> User has no NTLM password/hash
- The hash itself starts at V[0xA8+0xCC] and always has a length of 16 bytes
- Note: It seems that, although all literature states that at “V[0xAC]” the hash length is specified.
  The hash actually always seems to be 16 bytes in length.
- Double Encrypted NTLM Hash example: 3f89be20888e4878a098921d8396b535 (16 bytes)
- The AES Initial Vector (AES IV) starts at V[0xB4+0xCC] and is always 16 bytes
- AES IV example: 3fd3027790ff2c0a5b8f162239d41476 (16 bytes)
The AES Key to decrypt the Double Encrypted Hash is derived from the “SysKey”, which is in itself also AES encrypted. So again Data and IV is extracted.
This step will extract the Encrypted SysKey and IV
- How do we know the SysKey is AES or RC4 encrypted? Just look at the very first byte of the “F” value: 0x02 means RC4 encrypted, 0x03 means AES encrypted
- F[0x88] = 7b06427ecf48cec9b61e67caed0292c9 (16 bytes)
- F[0x78] = ea322e0e26f58e4b5ab8587e75c861db (16 bytes)
We have Encrypted SysKey (data) and the IV, but need the Key to decrypt the SysKey, this is the Bootkey.
This Bootkey is calculated by reordering the 4 Class Names from JD, Skew1, GBG and Data
- JD + Skew1 + GBG + Data = 3f089869880dc18915d4e5adf1f6a792
- Reorder using ShiftArray1 [8,5,4,2,11,9,13,3,0,6,1,12,14,10,15,7] =
- Bootkey = 150d8898add4f6693fc108f1a7e59289 (16 bytes)
(This step is no longer needed with an AES encrypted SysKey.
To decrypt the SysKey, we no longer have to construct the Encryption Key, it just IS the Bootkey and no longer a derivation thereof)
AES decrypting the Encrypted SysKey and IV from (2.) with the Key from (3.)
- AESDecrypt 7b06427ecf48cec9b61e67caed0292c9 with Key 150d8898add4f6693fc108f1a7e59289 and IV ea322e0e26f58e4b5ab8587e75c861db
- Full SysKey = 903d474b0fa91eb3003768eefcc2143d (16 bytes)
- Decrypted SysKey = 903d474b0fa91eb3003768eefcc2143d (16 bytes)
(Again: this step is no longer needed with an AES encrypted Hash. To decrypt the Double Encrypted hash, the key just IS the SysKey and no longer a derivation thereof)
AES decrypting the Double Encrypted NTLM hash and IV from (1.) with the Key from (5.)
- AESDecrypt 3f89be20888e4878a098921d8396b535with Key 903d474b0fa91eb3003768eefcc2143d and IV 3fd3027790ff2c0a5b8f162239d41476
- Encrypted NTLM Hash = a291d14b768a6ac455a0ab9d376d8551 (16 bytes)
The Encrypted NTLM is cut in two and each part is DES encrypted, the DES keys are derived from the RID
- RID = f4010000 (4 bytes)
- DES SOURCE 1 reorder using ShiftArray2 [0,1,2,3,0,1,2] = f4010000f40100 (7 bytes)
- DES SOURCE 2 reorder using ShiftArray3 [3,0,1,2,3,0,1] = 00f4010000f401 (7 bytes)
- 7 bytes needs to become 8 bytes using an algorithm plus Odd Parity (Always odd number of ‘ones’):
- DESKEY1 = f40140010ea10401 (8 bytes)
- DESKEY2 = 017a01200107d002 (8 bytes)
- Note that the only source for these keys is the RID, therefor every Administrator account has the same DESKEYs
Finally cut the Encrypted NTLM hash from (7.) in two and decrypt each part with the DES keys from (8.):
- NTLM Hash part 1 = a291d14b768a6ac4 with DESKEY f40140010ea10401 = 32ed87bdb5fdc5e9 (8 bytes)
- NTLM Hash part 2 = 55a0ab9d376d8551 with DESKEY 017a01200107d002 = cba88547376818d4 (8 bytes)
- Putting these two halves together gives us 32ed87bdb5fdc5e9cba88547376818d4 (16 bytes) which is the hash for password ‘123456’

Corner Cases

As specified earlier, there are also:

Windows systems out there that where installed pre Windows v1607: RC4 encryption only.
Windows systems that where installed as pre Windows v1607 but updated later without password updates (net user Administrator 123456): RC4 encryption only
Windows systems that where installed as pre Windows v1607 and then updated and have updated one or more user passwords (net user Administrator 123456): Mixed RC4 (SysKey) and AES (Hash) encryption
Windows systems that where installed as Windows v1607 or newer: AES encryption only.

My scripts

Ufd2 Hash Decrypter

I have written two scripts Just As A Demonstration or study tool.

I am in no way a real programmer or developer and have created this script just to educate myself and prove my findings. I am fully aware that these scripts can be made a lot more portable, shorter and generally better…

I always try to make them as self contained as possible, requiring little extra libraries. They only library required is pycrypto (which is installed by default on e.g. Kali Linux).

The first script “DumpSomeHashes.py” requires manual actions to retrieve the four things from the target PC (the Registry Data). It is described in the script how to get this data. The script therefor does not have to be run as Admin and will work on any OS (given the used Python libs are installed).

The second script “DumpSomeHashesAuto.py” is an attempt to automate the whole process and will try to retrieve one single NTLM Hash (only needs the RID) by using PowerShell (and Windows API’s which is cheating) to get the three required pieces of data.
–> Of course it is trivial to just read out all users and their RID (“net user” combined with “wmic useraccount where name=’Administrator’ get sid“), but this is not the purpose of the script nor this article

“DumpSomeHashes.py” on my Github
“DumpSomeHashesAuto.py” on my Github

Although the scripts have been tested in a “lab” environment, any feedback is more than welcome 🙂

Conclusion

Since al required data to decrypt the hashes is either static, known or just some elaborate calculation. This is a great example of “Security By Obscurity”.

Microsoft has improved and simplified the encryption cycle by removing not only RC4 from the equation but also MD5 together with all unnecessary (and old) static strings.

The question still remains why the “length” of the hash is actually not the “length”, not all 56 or even 20 bytes are used or even useful. And if Microsoft really wanted to improve the security of their users, it should improve on the used hashing algorithm rather than just changing the used encryption ciphers …

References

https://www.passcape.com/index.php?section=blog&cmd=details&id=35 – Details on what changed in Win10 AU
http://moyix.blogspot.be/2008/02/syskey-and-sam.html – Details on the used strings and algorithms
http://www.beginningtoseethelight.org/ntsecurity/index.htm – Very interesting article on Registry Layout (for Windows XP)
https://diablohorn.com/2013/10/24/remote-hash-dumping-no-processes-or-tool-upload-needed/ – Blog about Remote Hash Dumping with some more resources and references listed

Digital Security is paramount today. Anything with an internet connection is vulnerable and can be compromised by someone sitting on a different continent. The latest DDOS attack on DNS servers is one example of many such wide scale attacks which are on increasing trend since last few years.

Your PC or Laptop is also not secure from such attacks. While you may reiterate that I have password protected it, but that’s not enough today, as we will see.

The Hackers USB Drive

In a recent video, Linus of LinusTechTips, famous among the tech & geek circles, demoed how this plain looking USB drive can unlock your Windows account easily within minutes. Available for $20 on Amazon, this drive, known as Password Reset Key(PRK), aimed for resetting your password in case you forget it, is just waiting to be misused.

To the layman, it might seem that some revolutionary new technology is at work, but in reality it’s nothing more than some software trickery. But in this day & age, with Windows advanced so much with 10, how is this even be possible? To understand that we need to learn how Windows account security works.

The Weak Part: Windows Account Security

From a very long time, Window’s way of storing user account password has been criticized. Windows stores all the user account passwords in a SAM(Security Account Manager) database file. For obvious reasons the passwords are not stored as plain text and the file is inaccessible when the OS running. Hashing, a one way function, is used to convert your password into a string of characters of fixed length so that in case someone grabs the SAM file(which is easier than you think), the passwords cannot be known. The hashing methods used by Windows are the reason of criticism. These methods are explained below.

LM Hashing & NTLM Hashing

LM hashing is a very old method of Windows 95-era and is not used today. In this method the password is converted into hash using the step-by-step method shown below.

The inherent process of breaking down your password in two 7-character strings, made LM hashing vulnerable to brute force attacks. This was improved by the NTLM method which used the more complex MD4 hashing technique. While this solved the earlier problem it was still not secure enough because of Rainbow Tables.

Rainbow Tables

Till now we learnt what hashing is and it’s one important property is that it’s one-way. Which means brute forcing a hash will not yield the original password back. So this is where rainbow tables come into picture. A Rainbow Table is a literal table which contains pre-generated hashes for all possible password combinations for a given hash function.

For example if a password has a rule that it can consist of 7 characters from 26 alphabets & 10 numbers 0-9 only, then through permutations we have 42072307200!! possible combinations for it. A rainbow table for this function will contain hashes & the corresponding password for every possible combination. But the downside of rainbow tables is that they get very big when the input size & password length increases.

As shown above, a simple rainbow table for LM hashing function of Windows XP is 7.5 GB in size. Tables of modern hash functions which use alphabets, numbers & symbols can be of multi hundred gigabytes. So these are not easy to process and use for a normal user with a desktop PC.

There are online websites which offer pre-complied rainbow tables for the Windows Hash function for a price as well as provide lookup tables to check a hash.

So someone who has a Windows SAM file can run a lookup for the hash in a pre-computed table and find the password(if it’s relatively simple). And this is possible because of one drawback of NTLM hashing method of not using salting.

Salting is a technique of adding random string of characters to the password before hashing, so that each hash becomes unique, as shown above, defeating the purpose of Rainbow Tables.

The Attack: How It Is Executed

In Windows 10, Microsoft is using NTLMv2 hashing technique, which while doesn’t use salting but fixes some other critical flaws and overall offers more security. But then also you are not cent percent protected, as I will show now how can you perform a similar attack on your own PC.

Recovering your Hashes

First step is to get hashes of your password using any one of the several methods available. I am going to use the freely available Hash Suite 3.4 (formerly known as pwdump). The beauty of this program is that it can grab the hashes even when Windows is running, so you don’t have to mess around with bootable USB drives. Windows Defender may get nauseous while this is running, so turn it off momentarily.

Step 1: Download the free version of Hash Suite from here and extract all the contents of the zip file to a folder.

Step 2: Open the folder and launch the program by selecting Hash_Suite_64 for 64-bit OS or Hash_Suite_32 for 32-bit one.

Ufd2 Decrypter Free Online

Step 3: To import hashes click on Import > Local Accounts as shown below. This will load the hashes of all the accounts present on the PC.

Cracking the Hashes

From here on, Hash Suite also provides option for cracking the hashes using dictionary & brute force attacks but those are available only in paid version. So instead we use one of the online services to crack our hashes. Crackstation & OnlineHashCrack are the two sites which I used for the purpose. These sites use combination of pre-calculated tables, dictionary attacks and brute force to crack your hashes.

Md5 Hash Decrypter Online

In my case Crackstation immediately conveyed that it can’t match the hash & OnlineHashCrack took five days time but still couldn’t crack it. Apart from them, there other offline programs such Cain & Abel, JohnTheRipper, OphCrack and more which grab the hashes even over network. But explaining how to use them will turn this article into a BlackHat conference piece.

Note: You can verify whether the hashes extracted by HashSuite are of your account’s password by matching it with the hash generated for your password using any online hash generators.

Your Defense

As we saw grabbing the hashes is so much simple that you don’t have to mess around with bootable drives or complex commands. And there are many other programs which are much more advanced in this regard. So in such case your best defense is password & encryption, which I have expanded in detail below.

Long Password

Starting with the length, a long password is generally considered more secure. But how long is long enough? Researchers say that your password should be at least 12 characters long. But to be on the safer side, a 16+ character password is recommended. And please don’t set it as

password12345678. It should be mix of lowercase, uppercase alphabets, numbers & symbols.

Using Encryption

Second line of defense is using encryption. In Windows the encryption key is associated with your Windows Account Password, so even if someone resets the password like in Linus’s video, your stuff will not be accessible. You can use either the inbuilt encryption if you have Pro version of Windows or use any of the third party programs.

Using SYSKEY & Microsoft Account

To prevent unauthorized access, the Windows SAM is stored in an encrypted format. And the encryption key is stored locally on the PC. SYSKEY is an in built Windows utility which allows you move that key to an external media(USB drive) or add one more layer of password before the login. You can learn more about how to set it up here.

Additionally you can also switch to Microsoft account, as the PRK does not work on Microsoft account, as stated by Linus in the video. But I could not verify that as I did not have a PRK to test. But HashSuite was able to extract the Hashes of my Microsoft account’s password, so it is not that effective.

Other Miscellaneous Measures

Apart from the above, you can also set a BIOS password which will add another layer of protection. Also if you don’t like encrypting your whole Windows drive you can set a separate partition which holds all your important stuff, so even if a hacker resets the password, you do not completely lose access to your files.

Using any biometric method of login is one more way to thwart such attacks. Last but not the least, upgrading to Windows 10 is also one way even if it seems little bizarre. Even though it’s vulnerable, it has other security improvements like Windows Hello & Credential Guard.

Sha256 Decrypter Online

In Panic Mode? Don’t Be

If you have read the whole post(brave you!) you might be panicky. But there’s one important thing we are over looking here, all this attacks require physical access to your PC. While these attacks are still possible over network, but executing them is not a cup of tea of someone who has learnt hacking from Hacker in a Week type videos. But one should be careful as we always have around some pissed off people (or colleagues) looking to do harm.

And I again reiterate, the method shown here is only for informational purposes. Don’t go trying it on someone else’s PC or try sniffing a public network for hashes. Both the things can land you in trouble. So stay safe & do share your thoughts & doubts through comments.

The above article may contain affiliate links which help support Guiding Tech. However, it does not affect our editorial integrity. The content remains unbiased and authentic.Also See#hacking #password

Did You Know