hashcat Forum

hashcat Forum > Deprecated; Previous versions > General Help > Drupal 7 hashes
Full Version: Drupal 7 hashes
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

fuzztester

07-13-2012, 07:57 PM
Hello everyone!

I'm performing a pentest and was able to compromise a web application via SQLi. This database server was also being used for Drupal.

The latest version, 7 changed their hashing algorithm to SHA512 using this function:
http://api.drupal.org/api/drupal/include...password/7

I don't see support for Drupal 7 specifically, but I'm wondering if the generic sha512 support would work.

I'd normally just set up an instance of drupal and try but I'm not infront of my GPU machine....

gat3way

07-13-2012, 11:04 PM
Generic sha512 won't work.

fuzztester

07-17-2012, 05:00 PM
(07-13-2012, 11:04 PM)gat3way Wrote: [ -> ]Generic sha512 won't work.

Is there a tool that will? I've looked in the usual places and have come up with nothing.

chort

07-17-2012, 06:37 PM
It looks like 15 rounds of SHA512, prefixed with '$S$<base64 encoded number of rounds><6byte random salt>'.

halfie

07-19-2012, 08:08 AM
(07-17-2012, 05:00 PM)fuzztester Wrote: [ -> ]
(07-13-2012, 11:04 PM)gat3way Wrote: [ -> ]Generic sha512 won't work.

Is there a tool that will? I've looked in the usual places and have come up with nothing.

JtR-jumbo supports cracking drupal 7 hashes. However, it is slow.
hashcat Forum > Deprecated; Previous versions > General Help > Drupal 7 hashes