Decoding Net-NTLMv2 blob?

More a curiosity question. Let's take as an example the hash on this page:

https://0xdf.gitlab.io/2019/01/13/getting-net-ntlm-hases-from-windows.html

Which is:

Administrator::WIN-487IMQOIA8E:997b18cc61099ba2:3CC46296B0CCFC7A231D918AE1DAE521:0101000000000000B09B51939BA6D40140C54ED46AD58E890000000002000E004E004F004D00410054004300480001000A0053004D0042003100320004000A0053004D0042003100320003000A0053004D0042003100320005000A0053004D0042003100320008003000300000000000000000000000003000004289286EDA193B087E214F3E16E2BE88FEC5D9FF73197456C9A6861FF5B5D3330000000000000000 

That last field is described as being a blob including the time and various other information used to generate the hash in the field before it.

I've been all over the Internet for parsers but everyone seems to care a lot more about just hashing it to crack passwords. Can it be decoded?

Touch here for the full post on Network Security Noblemen tumblr

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s