hashcat Forum

Full Version: ASP.NET Membership Password Hash
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I am trying to use hashcat with an .NET Membership password hash. 
I have a 40 bytes long hashvalue which is sha1 and encoded in base64. Second I have a 128 bytes long salt which seem to be hex values in upper-case.

So first I convert the base64 pw hash:

echo -n "XGO********************B1nA=" | base64 --decode | xxd -ps

which gives me the 40 bytes sha1 hash:

The salt is 


I then prepare a file with the following format:


When I run hashcat with the following command

hashcat -m 140 --hex-salt ./sha1 ../wordlists/rockyou.txt

I get an line length exception 

If I pass shorter salts, hashcat excepts the input, so I guess the problem is with the 128byte salt. Maybe the salt is in the wrong format ?

Thanks in advance for any help
(05-16-2016, 01:46 PM)atom Wrote: [ -> ]There's just this: https://hashcat.net/wiki/doku.php?id=fre...alt_length

I understand, salts for generic hash types have a limit of 31. Pity for me. I found a feature request in the forum from 2012: https://hashcat.net/forum/thread-1752.html. Is there any progress on this ?
No, we don't try it. There are better ways to handle large salts, as described on the wiki I linked