hashcat Forum

Full Version: Drupal 7 hashes
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello everyone!

I'm performing a pentest and was able to compromise a web application via SQLi. This database server was also being used for Drupal.

The latest version, 7 changed their hashing algorithm to SHA512 using this function:
http://api.drupal.org/api/drupal/include...password/7

I don't see support for Drupal 7 specifically, but I'm wondering if the generic sha512 support would work.

I'd normally just set up an instance of drupal and try but I'm not infront of my GPU machine....
Generic sha512 won't work.
(07-13-2012, 11:04 PM)gat3way Wrote: [ -> ]Generic sha512 won't work.

Is there a tool that will? I've looked in the usual places and have come up with nothing.
It looks like 15 rounds of SHA512, prefixed with '$S$<base64 encoded number of rounds><6byte random salt>'.
(07-17-2012, 05:00 PM)fuzztester Wrote: [ -> ]
(07-13-2012, 11:04 PM)gat3way Wrote: [ -> ]Generic sha512 won't work.

Is there a tool that will? I've looked in the usual places and have come up with nothing.

JtR-jumbo supports cracking drupal 7 hashes. However, it is slow.