Thread Closed 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle.
11-20-2011, 06:07 AM
Post: #1
Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle.
I have a salted SHA1 hash that contains the the solution to a geocaching puzzle and the puzzle author intended that a brute-force method be used in solving it. :
8882caa3b88a5a16fad6287e26d8a8f9454ad643

I know that the salt is "PEPPER" and that the plain-text will have the form "N51 03.### W114 07.###", where # = 0...9

My computer is a 3.4 GHz Intel Core i& iMac with 16 GB or 1333MHz DDR3 memory. I have Windows XP installed under Parallels, so I am able to run hashcat as a Windows program.

I'm absolutely new to hashcat, so I could really use some step-by-step help to set it up to solve for the "#"s in the noted plain-text.
Find all posts by this user
11-20-2011, 11:15 AM
Post: #2
RE: Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle.
Hey Geocacher,

much thanks for asking us for support in this challange Smile

There are many ways to solve this problem, but the one I prefer when it comes to single hashes and partially known plaintext is using oclHashcat-lite:

Quote:oclHashcat-lite64 -m 100 8882caa3b88a5a16fad6287e26d8a8f9454ad643 "PEPPERN51 03.?d?d?d W114 07.?d?d?d"

You do not have access to a GPGPU enabled card in your iMac, but you can use CPU based hashcat:

1. open notepad, place the hash 8882caa3b88a5a16fad6287e26d8a8f9454ad643 on the first line and save it as "hash.txt"

2. open cmd windows and type:

Quote:mp64 "PEPPERN51 03.?d?d?d W114 07.?d?d?d" -o wordlist.txt
hashcat-cli64 -m 100 hash.txt wordlist.txt

The tool "mp64.bin" is the maskprocessor, one of the tools of the hashcat suite. See here for download link: http://hashcat.net/wiki/maskprocessor

I have it cracked. I just dont want to post it here and destroy the challange this way. If you need the result PM me.
Visit this user's website Find all posts by this user
11-20-2011, 12:50 PM
Post: #3
RE: Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle.
OclHashCat is a study for itsself.

Intrigueing by this challenge, I follow you both to see how it works. I use oclHashcat-plus-0.06 there is no oclHashcat-lite64.bin in there so I think I can use oclHashcat-plus64.bin with the right hash type. That should work.

I could not resolve with the command line
oclHashcat-plus64.bin --hash-type 100 8882caa3b88a5a16fad6287e26d8a8f9454ad643 "PEPPERN51 03.?d?d?d W114 07.?d?d?d". My system keeps saying Exhaulted!

So oclHashcat-lite64.bin is very different from oclHashcat-plus64.bin

It must work somehow, so I test GUI, with the information provided, it works if in the mask I don't use the " ", but in this case the generated command would be displayed as
oclHashcat-lite64.bin --hash-type 100 8882caa3b88a5a16fad6287e26d8a8f9454ad643 PEPPERN51 03.?d?d?d W114 07.?d?d?d

Go to terminal test that command then it solves the problem only when using
oclHashcat-lite64.bin --hash-type 100 8882caa3b88a5a16fad6287e26d8a8f9454ad643 "PEPPERN51 03.?d?d?d W114 07.?d?d?d"

I think I understand the logic, why there are differences. But in OCHL to be on the side of Exhaulted or Cracked it really requires a bit to study\experiment.

But is does work. Yes, and very quick.
Find all posts by this user
11-20-2011, 02:30 PM (This post was last modified: 11-20-2011 02:31 PM by undeath.)
Post: #4
RE: Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle.
if you read the documentation/wiki/help you had realized -plus does not support masks (and only passwords up to 15 chars).

The need of double quotes around the string if spaces are used is not hashcat-specific but is the way the windows cmd (and unix shells as well) work.
Find all posts by this user
11-20-2011, 04:22 PM
Post: #5
RE: Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle.
Thanks for such a quick reply.
I have to go out this morning, but will give it a try this afternoon.
Once I've got it or run into a brick wall, I'll post a note in the forum.

hashcat sounds like the perfect program for this type of puzzle.
I'm surprised that nobody has ever mentioned in in geocaching circles.
I can see the potential for my own puzzles using some of its other features.

(11-20-2011 11:15 AM)atom Wrote:  Hey Geocacher,

much thanks for asking us for support in this challange Smile

There are many ways to solve this problem, but the one I prefer when it comes to single hashes and partially known plaintext is using oclHashcat-lite:

Quote:oclHashcat-lite64 -m 100 8882caa3b88a5a16fad6287e26d8a8f9454ad643 "PEPPERN51 03.?d?d?d W114 07.?d?d?d"

You do not have access to a GPGPU enabled card in your iMac, but you can use CPU based hashcat:

1. open notepad, place the hash 8882caa3b88a5a16fad6287e26d8a8f9454ad643 on the first line and save it as "hash.txt"

2. open cmd windows and type:

Quote:mp64 "PEPPERN51 03.?d?d?d W114 07.?d?d?d" -o wordlist.txt
hashcat-cli64 -m 100 hash.txt wordlist.txt

The tool "mp64.bin" is the maskprocessor, one of the tools of the hashcat suite. See here for download link: http://hashcat.net/wiki/maskprocessor

I have it cracked. I just dont want to post it here and destroy the challange this way. If you need the result PM me.
Find all posts by this user
11-20-2011, 07:15 PM
Post: #6
RE: Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle.
this is interesting. i was able to crack it using atom's command syntax but wasn't able to with this command:

oclHashcat-lite64 -m 101 8882caa3b88a5a16fad6287e26d8a8f9454ad643:PEPPER "51 03.?d?d?d W114 07.?d?d?d"

What's the difference between the two?
Find all posts by this user
11-20-2011, 09:26 PM
Post: #7
RE: Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle.
you missed an "N" Wink
Find all posts by this user
11-20-2011, 11:45 PM
Post: #8
RE: Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle.
Hey atom,

All I can say is, WOW!!!

I used the current revisions of the components from the site and followed your instructions to the letter.

Apparently; my iMac was very much up to the challenge.
It quite literally blinked and spit out a single solution.
I didn't even see the status screen before it was done. It was that quick.
(Hashcat 0.37 apparently initialized with 8 threads and a 32mb segment size.)

I've sent the solution off to the puzzle author for verification. It's too cold out today to trek out to the cache site, unless it's a valid solution (But I really think it is, since it plots out nicely on google maps).

Here is a link to the related geocache page for those who are interested in seeing why I was trying to crack the hash:
http://www.geocaching.com/seek/cache_det...2b54ff85ee

I'd like to express my sincere appreciation for your help and that of those on the forum.

This is a great example of using Hashcat to have some real fun and to let it "strut its' stuff". First rate program and a great "get your feet wet" tutorial.

This got me interested. I'm thinking of developing a puzzle of my own that uses one-way hashes.

Regards;
Geocacher
Find all posts by this user
Thread Closed