NTLM to plaintext password lookup

How do I use it?

Stuff here is free for now, but in order to prevent abuse there is a quota for requests, based on points - so everything you do costs something, ranging from 0 points and upwards.

Free points, I love it

You are granted a usage quota of 10000 points every 15 minutes. If you do individual lookups, this grants you more than 1 lookups per second, but if you have many hashes you can use the bulk API which costs a bit less per lookup.
You can use all of your ratio at once if you want, but will then have to wait a while before requesting more data.
While it is fairly easy to circumvent the quota, we kindly ask that you do not, but instead get in touch if you need more than we offer for free here - see last paragraph on this page for contact info.

Partial hashes

In order to protect the innocent (or something), you can look up partial hashes - typically by submitting the first half of the hash to the system. Lookups that return both a hash and a password will return the complete found hash and the password. See below for supported prefix lengths and APIs that support this functionality. In case of prefix collisions, the server will only return the FIRST found matching hash, but the prefix length is limited to prefixes that make it highly unlikely that there will not be a collision.

Supported hash types

Hash type Short name Lookup lengths (hex)
NT hash nt 16-32
LM hash lm 16-32
SHA256 hash sha256 16-64

Access to data

Current APIs

API for simple single hash lookups (25p/hash)

It just outputs the password if it's found. For bash oneliners, NOT FOR LOOKING UP LOTS OF STUFF!
Powershell:
Invoke-WebRequest https://ntlm.pw/api/lookup/[hashtype]/[16-32 hex digit hash] | Select-Object -Expand Content
Curl:
curl https://ntlm.pw/api/lookup/[hashtype]/[16-32 hex digit hash]

API for plaintext bulk hash lookup (4 p/hash)

You can submit up to 500 hashes each on their own line in every request. This API takes partial prefix hashes from 16-32 hex digits.
Powershell:
Invoke-WebRequest -Method Post -Infile [your-text-file-with-hashes.txt] https://ntlm.pw/api/lookup?hashtype=[hashtype] | Select-Object -Expand Content
Curl:
curl -X POST -H "Content-Type: text/plain" --data-binary "@[your-text-file-with-hashes.txt]" https://ntlm.pw/api/lookup?hashtype=[hashtype]

API for JSON bulk hash lookup (4 p/hash)

You can submit up to 500 hashes each on their own line in every request. This API takes partial prefix hashes from 16-32 hex digits.
Curl:
curl -X POST -H "Content-Type: application/json" --data-binary "{ "hashes": [ "hash", "hash2"] }" https://ntlm.pw/api/lookup?hashtype=[hashtype]

Deprecated APIs, will be removed in the future!

Old API for single hash lookup - full NT hashes (5p/hash) Deprecated, will be removed in the future!

Powershell:
Invoke-WebRequest https://ntlm.pw/[32-character hash] | Select-Object -Expand Content
Curl:
curl https://ntlm.pw/[32-character hash]

API for bulk hash lookup - full NT hashes (4 p/hash)

You can submit up to 500 hashes each on their own line in every request.
Powershell:
Invoke-WebRequest -Method Post -Infile [your-text-file-with-hashes.txt] https://ntlm.pw/api/bulklookup | Select-Object -Expand Content
Curl:
curl -X POST -H "Content-Type: text/plain" --data-binary "@[your-text-file-with-hashes.txt]" https://ntlm.pw/api/bulklookup

Server response codes

Code Meaning
200 Successful request and a result is returned
204 Successful request but no result is returned, i.e., hash not found in database
429 Too many requests, wait for your quota to fill up. Using the returned X-RateLimit-Reset header you can wait the number of seconds indicated.
5XX Server error, try again later
Database has 8.710.349.868 unique hashes. Quota 10000 points, resets in 900 seconds.
hash lookup - plaintext lookup - read before using - about - docs (API) - lamers
Took 0.38ms