So I've been trying to use JTR to crack a text file I've created that contains the follow:
Code:
iamUser:3####7C7#C318F5####40#B####C42####AC##05E######26
username:hash
Now reading the Wiki is states:
Quote:Due to its architecture, only XXX($pass.$salt) algorithms can be implemented. Algorithms using the opposite XXX($salt.$pass) can not be implemented.
Now I'm guessing the username is the "salt" so to be able to use oclHashcat-lite I need to reverse the text file?
This is JTR output: salted SHA-1 [128/128 SSE2 intrinsics 8x]
I'm really lost so I'm trying to put things together. Sorry if this is a stupid question.
Thanks,
Beach
sha1(pass.salt) and sha1(salt.pass) are two different algorithms. if you need sha1(salt.pass) then you cannot use lite.
but if you have a hash in user:hash format, what leads you to believe it is a salted algorithm? are you sure the password is salted with the username? if so, are you positive the algorithm is sha1(pass.salt)?
oh, osx 10.4 hashes, ok. so in that case, you will need to do a little work to use hashcat with this algorithm.
the algorithm is sha1(salt.pass), and the salt is a four-byte hex salt prepended to the hash string.
consider the example hash A320163F1E6DB42C3949F7E232888ACC7DB7A0A17E493DBA with a password of "test". the first eight characters are the salt, and the remaining 40 chars are the sha1 hash.
Code:
epixoip@db:~/hashcat-0.43$ printf "\xA3\x20\x16\x3Ftest" | sha1sum
1e6db42c3949f7e232888acc7db7a0a17e493dba
hashcat requires hashes to be in hash
alt format, so you just take the first eight chars and move them to the end of the hash, separating it with a colon.
1E6DB42C3949F7E232888ACC7DB7A0A17E493DBA:A320163F
you can then use hashcat or pluscat to crack this hash using -m 120 --hex-salt. you will not be able to use litecat.
Code:
epixoip@db:~/hashcat-0.43$ echo 1E6DB42C3949F7E232888ACC7DB7A0A17E493DBA:A320163F >test
epixoip@db:~/hashcat-0.43$ ./hashcat-cli64.bin -m 120 --hex-salt test -a 3 test
actually i just realized you said you were using a vm, in that case you wouldn't be able to use litecat or pluscat anyway. you can only use hashcat.
(03-27-2013, 08:15 AM)epixoip Wrote: [ -> ]actually i just realized you said you were using a vm, in that case you wouldn't be able to use litecat or pluscat anyway. you can only use hashcat.
Before I sold my 10.4 machine I converted it into a VM. I have my desktop running OSX and Windows. I've just installed a drive to install Ubuntu on to. That machine has 2x GTX460 and a GTX670
(03-27-2013, 08:05 AM)epixoip Wrote: [ -> ]oh, osx 10.4 hashes, ok. so in that case, you will need to do a little work to use hashcat with this algorithm.
the algorithm is sha1(salt.pass), and the salt is a four-byte hex salt prepended to the hash string.
consider the example hash A320163F1E6DB42C3949F7E232888ACC7DB7A0A17E493DBA with a password of "test". the first eight characters are the salt, and the remaining 40 chars are the sha1 hash.
Code:
epixoip@db:~/hashcat-0.43$ printf "\xA3\x20\x16\x3Ftest" | sha1sum
1e6db42c3949f7e232888acc7db7a0a17e493dba
hashcat requires hashes to be in hashalt format, so you just take the first eight chars and move them to the end of the hash, separating it with a colon.
1E6DB42C3949F7E232888ACC7DB7A0A17E493DBA:A320163F
you can then use hashcat or pluscat to crack this hash using -m 120 --hex-salt. you will not be able to use litecat.
Code:
epixoip@db:~/hashcat-0.43$ echo 1E6DB42C3949F7E232888ACC7DB7A0A17E493DBA:A320163F >test
epixoip@db:~/hashcat-0.43$ ./hashcat-cli64.bin -m 120 --hex-salt test -a 3 test
Wow. Thanks a lot for all the help. I'll give this a try today and report back.