hashcat Forum

I have a hash of the form of 64 hex chars (I'm assuming SHA256???)

Im told that it has some form of salt prepended to the string before hashing, and I have the unhashed string, but not the salt.

Is it possible to find the salt?

I have tried:

hashcat -m 1400 -a 1 ./hashfile /usr/share/dict/american-english ./known

(Combination attack mode), where "known" contains the known string. But it only seems to load one dictionary. And of course I don't know that the salt is a dictionary word.

Any advice appreciated - I'm knew to this sort of thing in general, and hashcat specifically!

Thanks!

Easiest way would be to treat it as sha256(pass.salt), use the plaintext password as the salt, and crack the salt as the password.

But this begs the question -- if you already have the password, why do you care what the salt is?

Thanks epixoip.

The reason for needing the salt is that it's static across other unknown passwords.

When I try to use sha256(pass.salt) though it complains about the length. How do I provide the known "salt" (password) in this case? (Sorry if this is beyond basic - still getting to grips with it.)

If it's static across all users then it's not a salt, it's a shared secret -- AKA, "pepper."

But my advice still stands. Use -m 1410 and supply the hash in "hashalt" format. Or in this case, "hash:pass" format.

Ah, thank-you - the hash:pass had evaded me. How should I deal with a space in the password? Is it simply a case of having hash:pass word on one line in the hash list?

It appeared to run fine, and worked through the dictionary in a second or so (without finding a match), but just want to lake sure I'm not omitting half the password!

Thanks again!

Got it with a mask attack. :-) Thanks again for the help. In case anyone comes across this - the space in the "hash" (password in this example) was fine.

Cool, glad you got it sorted.