shuck.sh

Shuck hash before trying to crack it

Get Shucking

This tool extracts all useful information from a MSCHAPv2/PPTP-VPN/NetNTLMv1 token, with or without ESS/SSP and with any challenge value. From this data, several ways to break it are suggested.

Authentication tokens are submitted one per line.
Current HIBP NT-hash wordlist used: pwned-passwords-ntlm-reversed-ordered-by-hash-v8.bin (number of hash candidates: 847,223,402). Max token length: 255; max number of tokens submitted at once: 100.

Note:
This Hash-Shucking tool can be used to convert any input token from a supported format to its other formats, and maybe even get the NT-hash directly!
The most optimized format for Crack.sh and/or Hashcat is delivered if the NT-hash is not obtained through the HIBP database (to pay less / save time).
All the details (PT, K, CT, challenges) of the algorithmic dissection of the token are provided.
Click on the "[+]" of a line to get all of the token's details.
To use Hash-Shucking on-premise, without CAPTCHA or any limit on the number of tokens to analyze, it is recommended to deploy the tool from GitHub.

Compatibility & Formats:
The output results are in various formats summarized in the following table with their tool's compatibility.

Token format: login::domain:lmresp:ntresp:clientChall
  Pattern: *::*:[a-fA-F\d]{48}:[a-fA-F\d]{48}:[a-fA-F\d]{16}
  Prefix: N/A / Delimiter: ":" / Hex / Optional login, domain, lmresp
  Type: NetNTLMv1-noESS/SSP
  Shuck.sh: Ready to be shucked freely!
  Crack.sh: Incompatible format / requires conversion
  HashCat: Yes, mode 5500 / 27000 or 14000
  Description: NET(NT)LM hashes captured with a random challenge without ESS/SSP.

Token format: login::domain:lmresp(serverChall+0padding):ntresp:clientChall
  Pattern: *::*:[a-fA-F\d]{16}[0]{32}:[a-fA-F\d]{48}:[a-fA-F\d]{16}
  Prefix: N/A / Delimiter: ":" / Hex / Optional login, domain
  Type: NetNTLMv1-ESS/SSP
  Shuck.sh: Ready to be shucked freely!
  Crack.sh: Incompatible format / requires conversion
  HashCat: Yes, mode 5500 / 27000 or 14000
  Description: NET(NT)LM hashes captured with a random challenge with ESS/SSP (server challenge in LMresp with 0's padding).

Token format: (LM|NT)HASH:ntresp
  Pattern: (LM|NT)HASH:[a-fA-F\d]{48}
  Prefix: (LM|NT)HASH / Delimiter: ":" / Hex
  Type: NET(NT)LM
  Shuck.sh: Ready to be shucked freely!
  Crack.sh: FREE/$20-$200
  HashCat: Incompatible format / requires conversion
  Description: NET(NT)LM with the 1122334455667788 challenge without ESS/SSP.

Token format: $NET(NT)?LM$challenge$ntresp
  Pattern: $NET(NT)?LM$[a-fA-F\d]{16}$[a-fA-F\d]{48}
  Prefix: $NET(NT)?LM$ / Delimiter: "$" / Hex
  Type: NET(NT)LM
  Shuck.sh: Ready to be shucked freely!
  Crack.sh: $20-$200
  HashCat: Incompatible format / requires conversion
  Description: NET(NT)LM hashes captured with a random challenge.

Token format: $99$b64encode(hex2bin(challenge+{ntresp=CT1+CT2+PT3}))
  Pattern: $99$[a-zA-Z\d\+/]{35}=
  Prefix: $99$ / Delimiter: "$" / Base64
  Type: ChapCrack
  Shuck.sh: Ready to be shucked freely!
  Crack.sh: $20-$200
  HashCat: Incompatible format / requires conversion
  Description: PPTP VPN and WPA-Enterprise MSCHAPv2 authentication captures.

Token format: $MSCHAPv2$challenge$ntresp$(login)?
  Pattern: $MSCHAPv2$[a-fA-F\d]{16}$[a-fA-F\d]{48}$*
  Prefix: $MSCHAPv2$ / Delimiter: "$" / Hex / Optional username
  Type: MSCHAPv2
  Shuck.sh: Ready to be shucked freely!
  Crack.sh: Incompatible format / requires conversion
  HashCat: Incompatible format / requires conversion
  Description: PPTP VPN and WPA-Enterprise MSCHAPv2 authentication captures.
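
As an added illustration (not code from Shuck.sh or ShuckNT), the Python below recognises the token formats listed above from their patterns and splits each token into the challenge and ciphertext parts the list names. The function name, the sample tokens and the 8-byte CT1/CT2/CT3 split of ntresp are assumptions of this example.

```python
import base64
import re

H = r"[a-fA-F\d]"
# (type, pattern) pairs transcribed from the format list. ESS/SSP is tried
# first because its LM response also matches the generic NetNTLMv1 pattern.
FORMATS = [
    ("NetNTLMv1-ESS/SSP",
     rf"[^:]*::[^:]*:{H}{{16}}0{{32}}:(?P<nt>{H}{{48}}):(?P<chal>{H}{{16}})"),
    ("NetNTLMv1-noESS/SSP",
     rf"[^:]*::[^:]*:(?:{H}{{48}})?:(?P<nt>{H}{{48}}):(?P<chal>{H}{{16}})"),
    ("NET(NT)LM", rf"(?:LM|NT)HASH:(?P<nt>{H}{{48}})"),
    ("NET(NT)LM", rf"\$NET(?:NT)?LM\$(?P<chal>{H}{{16}})\$(?P<nt>{H}{{48}})"),
    ("ChapCrack", r"\$99\$(?P<b64>[a-zA-Z\d+/]{35}=)"),
    ("MSCHAPv2", rf"\$MSCHAPv2\$(?P<chal>{H}{{16}})\$(?P<nt>{H}{{48}})\$.*"),
]
FIXED_CHALLENGE = "1122334455667788"  # challenge implied by (LM|NT)HASH


def dissect(token):
    """Return the token's type and fields (hypothetical helper), or None."""
    token = token.strip()
    for kind, pattern in FORMATS:
        m = re.fullmatch(pattern, token)
        if not m:
            continue
        g = m.groupdict()
        if "b64" in g:  # $99$: challenge(8) + CT1(8) + CT2(8) + PT3(2) bytes
            raw = base64.b64decode(g["b64"]).hex()
            return {"type": kind, "challenge": raw[:16], "ct1": raw[16:32],
                    "ct2": raw[32:48], "pt3": raw[48:52]}
        nt = g["nt"].lower()
        # For ESS/SSP tokens "challenge" is the raw last field of the token.
        return {"type": kind, "challenge": g.get("chal", FIXED_CHALLENGE).lower(),
                "ct1": nt[:16], "ct2": nt[16:32], "ct3": nt[32:48]}
    return None


# Constructed sample tokens (not real captures).
SAMPLES = [
    "alice::LAB:" + "ab" * 8 + "0" * 32 + ":" + "22" * 24 + ":0102030405060708",
    "alice::LAB::" + "22" * 24 + ":0102030405060708",
    "NTHASH:" + "33" * 24,
    "$99$" + base64.b64encode(bytes.fromhex(
        "1122334455667788" + "aa" * 8 + "bb" * 8 + "cccc")).decode(),
]

if __name__ == "__main__":
    for t in SAMPLES:
        print(dissect(t))
```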

How to convert formats?
To convert an authentication token from one format to another, simply submit it for free to the Hash-Shucking module, or use the Converter to follow the algorithm's dissection.

RECENT NEWS

Shuck.sh is alive, and ShuckNT is released on GitHub!

The hash shucker dedicated to the NetNTLMv1 (with or without ESS/SSP), PPTP VPN and WPA-Enterprise MSCHAPv2 algorithms has been available online, as well as on-premise on GitHub, since the beginning of 2023!


The Crack.sh online service was unavailable for several weeks/months at the end of 2022

For several weeks / months during the last quarter of 2022, the services of the Crack.sh online platform were unavailable / under maintenance. The platform has been fully functional again since the beginning of 2023!

Pwned Passwords list version 8 released by HIBP!

Pwned Passwords are hundreds of millions of real world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use as they're at much greater risk of being used to take over other accounts. Version 8 was released by Troy Hunt in December 2021 and contains 847,223,402 leaks.




What the Shuck? Layered Hash Shucking

Conference talk by Sam Croley (Chik3nman) at DEFCON's Password Village on August 8, 2020, on the concept of "What the Shuck? Layered Hash Shucking".

Contact

Feel free to report any comments, bugs or ideas for improvement regarding Shuck.sh or ShuckNT via GitHub or by contacting me directly.



100% Success NOT Guaranteed
Shuck.sh cannot guarantee 100% results, unlike Crack.sh, which guarantees that it will produce a working key for 100% of submitted jobs. The processing carried out by Shuck.sh relies on the databases provided by HaveIBeenPwned, and therefore depends on the data leaks recorded in these databases at a given time. Shuck.sh aims to optimize the time needed to obtain an NT-hash from a DES-based authentication token, without claiming to be exhaustive. For completeness, it is recommended to turn to the excellent Crack.sh service.

Disclaimer
Any actions and/or activities related to the material contained within this website are solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors and Shuck.sh will not be held responsible in the event any criminal charges are brought against any individuals misusing the information in this website to break the law.
This site contains materials that can potentially be misused. If you do not fully understand something on this site, then GO OUT OF HERE! Refer to the laws in your province/country before accessing, using, or in any other way utilizing these materials. These materials are for educational and research purposes only. Do not attempt to violate the law with anything contained here. If this is your intention, then LEAVE NOW! Neither the administration of this server, the authors of this material, nor anyone else affiliated in any way is going to accept responsibility for your actions.

© Copyright 2023+ ycam | shuck.sh is a free service developed and maintained by Yann CAM, Independent CyberSecurity Consultant, and is provided for research purposes only.