hashcat Forum

Full Version: modx modPBKDF2 hashes
Need help with brute-forcing modPBKDF2 hashes.

Got some hashes from a modx database.
Columns look like:
password is '+7WYTHGVutZhmE9KYjb93Rvtd/XIy0aM+I8t42EyVDc='
salt is 'a9a3cd2a52f4ead8bff477941ceb62f5'
Clear password is 123123.

Algo is presented here https://fossies.org/dox/modx-2.4.3-pl/mo...ource.html
Looks like it's pbkdf2_sha256 (module Django (PBKDF2-SHA256) for oclHashcat?), but I cannot brute it with this module.
Hash input set as pbkdf2_sha256$1000$a9a3cd2a52f4ead8bff477941ceb62f5$+7WYTHGVutZhmE9KYjb93Rvtd/XIy0aM+I8t42EyVDc=, just as I use it with HashManager.
Mistake in oclHashcat is "Line-length exception". I think I need to use another input format for the hash, am I right?
Looks like a direct implementation of Taylor Hornsby's PHP PBKDF2 function, which should be compatible with -m 10900, but doesn't look like it is. I modified the input format to match 10900, but it's not finding the plaintext. Will need to dig into the code to see where the minor differences are.
The salt must also be specified as base64 encoded string, like this:
Code:
./oclHashcat -m 10900 -a 3 --quiet 'sha256:1000:YTlhM2NkMmE1MmY0ZWFkOGJmZjQ3Nzk0MWNlYjYyZjU=:+7WYTHGVutZhmE9KYjb93Rvtd/XIy0aM+I8t42EyVDc=' 123123
sha256:1000:YTlhM2NkMmE1MmY0ZWFkOGJmZjQ3Nzk0MWNlYjYyZjU=:+7WYTHGVutZhmE9KYjb93Rvtd/XIy0aM+I8t42EyVDc=:123123

So if a9a3cd2a52f4ead8bff477941ceb62f5 is the "raw salt", then base64("a9a3cd2a52f4ead8bff477941ceb62f5") = YTlhM2NkMmE1MmY0ZWFkOGJmZjQ3Nzk0MWNlYjYyZjU= must be specified as the salt.
Argh I thought I tried that, but I didn't get the padding character in copy/paste so I only tried "sha256:1000:YTlhM2NkMmE1MmY0ZWFkOGJmZjQ3Nzk0MWNlYjYyZjUK:+7WYTHGVutZhmE9KYjb93Rvtd/XIy0aM+I8t42EyVDc=". Oops!
It works, thanks!
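The conversion worked out in this thread, as an added example that is not part of the original posts or of hashcat: it builds the -m 10900 line from the two MODX columns, checks a known password against it with PBKDF2-HMAC-SHA256, and flags the stray-newline salt that produced the `...ZjUK` variant. The function names are illustrative; the column values, the iteration count of 1000 and the password are the ones quoted above.

```python
import base64
import hashlib
import hmac

# Values quoted in the thread.
PASSWORD_COL = "+7WYTHGVutZhmE9KYjb93Rvtd/XIy0aM+I8t42EyVDc="
SALT_COL = "a9a3cd2a52f4ead8bff477941ceb62f5"
# The line that failed: its salt was base64-encoded with a trailing newline.
BAD_LINE = ("sha256:1000:YTlhM2NkMmE1MmY0ZWFkOGJmZjQ3Nzk0MWNlYjYyZjUK:"
            "+7WYTHGVutZhmE9KYjb93Rvtd/XIy0aM+I8t42EyVDc=")

def modx_to_hashcat(db_hash, raw_salt, iterations=1000):
    """Build a -m 10900 line. The salt column is used as literal text,
    so its ASCII bytes are base64-encoded, with no trailing newline."""
    salt_b64 = base64.b64encode(raw_salt.encode("ascii")).decode("ascii")
    return f"sha256:{iterations}:{salt_b64}:{db_hash}"

def parse_10900(line):
    """Split sha256:<iterations>:<base64 salt>:<base64 digest> into its parts."""
    algo, iterations, salt_b64, digest_b64 = line.strip().split(":")
    if algo != "sha256":
        raise ValueError("expected the sha256 prefix")
    salt = base64.b64decode(salt_b64, validate=True)
    digest = base64.b64decode(digest_b64, validate=True)
    return int(iterations), salt, digest

def verify(line, candidate):
    """Recompute PBKDF2-HMAC-SHA256 for one candidate and compare digests."""
    iterations, salt, digest = parse_10900(line)
    derived = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                  salt, iterations, dklen=len(digest))
    return hmac.compare_digest(derived, digest)

def salt_has_stray_newline(line):
    """True when the decoded salt ends in a newline, e.g. from `echo` without -n."""
    _, salt, _ = parse_10900(line)
    return salt.endswith(b"\n")

if __name__ == "__main__":
    good = modx_to_hashcat(PASSWORD_COL, SALT_COL)
    print(good)
    print("known password verifies:", verify(good, "123123"))
    print("bad line has newline in salt:", salt_has_stray_newline(BAD_LINE))
    print("bad line verifies:", verify(BAD_LINE, "123123"))
```

Running the check on a known password before starting a long job confirms the line is formatted correctly, since a wrong salt encoding fails silently rather than with a parse error.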