Stamp Out Hash Corruption! Crack All The Things!
The precursor to cracking any password is getting the right hash.  In this talk we cover how we discovered that Cain and Able, Creddump, Metasploit and other hash extraction tools regularly yield corrupt hashes that cannot be cracked.  We take a deep dive into password extraction mechanics, the birth of a viral logic flaw that started it all and how to prevent corrupt hashes.  On the CD we have provided patches that prevent hash corruption in the tools that many security professionals use every day.

Contents of the CD:
- Example SAM and SYSTEM Registry Hive: 
These registry hives contain password hashes that are incorrectly extracted by common tools. Readers can extract the hashes from these hive files with Cain & Abel v4.9.43, or Creddump v.1 since these tools can produce hashes from off-line SAM & SYSTEM files in order to reproduce the issue described during this talk.

 **Note several of these tools have been fixed based on feedback provided to the creators, therefore current versions of these tools may produce correct hashes.
 
 Due to the logic flaw described during this talk, the following hashes are produced for the test2 account:
	LM Hash:4500a2115ce8e23a99303f760ba6cc96
	NTLM Hash:5c0bd165cea577e98fa92308f996cf45
	
 Attempts to crack these hashes were made with the following methods:
	Dictionary attacks
	Brute-force attacks
	400 GB of Rainbow Tables
	"Pass the Hash" technique to the same system the account resides on also failed
	
 We encourage you to extract the hashes using affected versions of tools described in the presentation. Hint: The password is "bananas".
 
- Also included is a technical paper that examples the mechanics of password hash extraction and describes the flaw in detail.
- Patches for Metasploit's Hashdump Script and Creddump are also provided. Additionally, these patches were provided to the authors prior to this talk.

