NTLM Hash Cracking Service

What Is an NTLM Hash?

NTLM (NT LAN Manager) is the password hashing algorithm used by Microsoft Windows and Active Directory. Every Windows domain stores user passwords as NTLM hashes in the SAM database or the NTDS.dit file on domain controllers. When you extract credentials using tools like secretsdump.py, mimikatz, or hashdump, the output is typically in NTLM format.

An NTLM hash looks like this:

Administrator:500:aad3b435b51404eeaad3b435b51404ee:e19ccf75ee54e06b06a5907af13cef42:::

The relevant part for cracking is the NT hash: e19ccf75ee54e06b06a5907af13cef42. This is a straightforward MD4 hash of the Unicode password — no salt, no iterations, making NTLM one of the fastest hash types to crack.

Why NTLM Hashes Are Easy to Crack

NTLM is an unsalted, single-iteration hash. On modern GPU hardware, we test hundreds of billions of candidates per second:

Speed.#*.........: 5,297.0 GH/s (Optimized Kernel, -O)

At these speeds, most real-world passwords (dictionary words, common patterns, keyboard walks, date-based passwords) fall within minutes. Passwords up to 8 characters can be fully brute-forced.

Our NTLM Cracking Process

1. Stage 1: Known passwords & leaks — Check against billions of previously cracked hashes from public breaches.
2. Stage 2: Wordlist + Rules — Massive wordlists with optimized rule sets (leetspeak, appended numbers, capitalization).
3. Stage 3: Mask attacks — Targeted brute-force using common patterns like ?u?l?l?l?l?l?d?d.
4. Stage 4: Hybrid attacks — Wordlist + brute-force combos for patterns like Summer2024!.
5. Stage 5: Extended brute-force — Full keyspace coverage for shorter passwords.

Related Hash Types We Also Crack

• NetNTLMv2 (mode 5600) — Captured from network traffic or Responder. Salted and slower but crackable.
• DCC2 / MS-Cache v2 (mode 2100) — Cached domain credentials. 10,240 PBKDF2 iterations, significantly slower.
• LM Hashes (mode 3000) — Legacy hashes. Trivially cracked due to 7-character split.

Fast Hashes: MD5, SHA1, SHA-256 & Database Hashes

• MD5 (mode 0) / SHA-1 (mode 100) — Unsalted, billions/sec. Legacy apps, old databases. Minutes.
• SHA-256 (mode 1400) / SHA-512 (mode 1700) — Faster than expected on GPUs. Unsalted variants fall quickly.
• MySQL (modes 200/300) — Ultra fast.
• PostgreSQL MD5 (mode 12) — Username-salted MD5 from pg_shadow.
• MSSQL (modes 131/1731) — SQL Server 2000–2019.
• Oracle (modes 112/12300) — Oracle 11g+ SHA-1 and 12c+ PBKDF2.

All fast hashes: $100 per hash. Bulk pricing for large dumps — contact us.

What We Need From You

Send us: the hash value(s), any password policy info, and any partial password knowledge. The more context, the faster we crack it.

Pricing

NTLM: $100 per hash. Bulk pricing for large dumps.