PW Attacks - NTLM hash blank?


Im nearly complete with the password attacks module finally, however I seem to be stuck with the hash found from the SAM which is “31d6cfe0d16ae931b73c59d7e0c089c0” - however it appears to be a blank string and none of the PtH methods that were taught are working.

What am I missing?

The hash value you provided is the MD5 hash of an empty string. MD5 is a cryptographic hash function that produces a fixed-size output (128 bits) for any given input data. When the input data is an empty string, the output hash value is always the same: “31d6cfe0d16ae931b73c59d7e0c089c0”.

If you are trying to perform Pass-the-Hash (PtH) attacks, it is important to understand that PtH attacks rely on obtaining the hash value of a valid user’s password and using it to authenticate to a target system without knowing the actual password. It is not possible to perform a PtH attack with an empty string hash value because it does not correspond to any valid user’s password.

If you are encountering issues with the PtH methods you are using, it is possible that the hash value you obtained from the SAM database may not correspond to a valid user account or password. You may want to double-check that you are using the correct hash value and that the account you are targeting is a valid target for a PtH attack. It is also possible that the target system has security measures in place to prevent PtH attacks.

1 Like

Thank you for this helpful info. You nailed it.

I was trying to use a bad hash, as soon as I used the right tool, the right hash showed up for me and I was in right away.

I love this stuff, but dang can it be frustrating! lol.

Thank you!

no problem, here to help :smile: