hashcat Forum

Full Version: Help Needed
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
So I have been testing Hashcat out and love it so far. I am running into an issue. I have the following hash: +VZyZlAHP6HAgoaPBrBz with a known plaintext of 378734493671000. The issue is I have no idea what kind of hash that is. Kinda looks like Cisco PIX md5 but unsure. I have 2 other ones I have to crack which are: +VZyY1sBOazFh4COBrB2 and +VZ7ZVcKPavGh4iGArNy

Any help or guidance is greatly appreciated! (Also comes with beer money via paypal Tongue)
Obvious question number one: where are they from?
If I am not mistaken I think his question comes from here:

I am interested in the proper procedure used to perform an action like this. I have been tinkering with it in the last few days and attempted to see if it has a one-time pad or if I could just XoR it directly by hand. Neither method came back with an answer that makes sense.

Is there an alternative method to XoR the Encrypted & plain text values programmatically that will generate the true key?

The question is:
You have managed to compromise a database of credit cards via a SQL injection attack. Below is a sample of records pulled from the database table credit_cards:

fname lname email_addr cc_num cc_expire
Johnny Johnson jj@incorp.com +VZyY1sBOazFh4COBrB2 11042012

Bradley Bacon bacon@gmail.com +VZ7ZVcKPavGh4iGArNy 04032014

Evil Attacker evil@evil.com +VZyZlAHP6HAgoaPBrBz 06212014

Evil Attacker2 evil2@evil.com +VZyZlAHP6HAgoaPBrBz 06212014

As the attacker you were able to insert the record for Evil Attacker and EvilAttacker2 and you know the Plaintext for both of the corresponding credit card numbers is 378734493671000.

o What type of encryption (block or stream) is being used to store these credit card numbers? (1 point)
o What is the issue with the encryption used to store these numbers? (1 point)
Can be xored.
o What type of encryption would you recommend to store these numbers as a more secure alternative to the method they chose (1 point)?
RSA 512 bit. Legal limit.
o What is the plaintext for the other credit card numbers? (1 extra credit point)