hashcat Forum

Hey,

I'm testing a number of Peoplesoft hashes which hashcat takes in the expected format for -m 133, however mine are salted. The salts I have are 32 char strings, seemingly MD5? I've read that Peoplsoft salting is SHA-1 based (https://blog.gosecure.ca/2016/05/04/orac...terprises/)  which doesn't match with the salts I have but does anyone know a way in which I can process my salted hashes to re-generate without the salt so I can then feed back into hashcat?

A touch off pure hashcat issues I admit however wanted to see if anyone had any insight.

Many thanks.

The salt is intrinsic to the hash. The only way to rework the salts would be if you already had the plain text password.

Appreciate the response, thanks.

Sorry to revive this thread but it seemed better than starting a new one. Royce, is there a way to extract the salt out of the hash if you do know the Password. I am on an engagement and have a users hash, salt, and plaintext credentials as well as a large collection of hashes and salts from other users that seem to be PeopleSoft. I wanted to verify their hash type by running the known hash through hashcat with a dictionary containing only its password but I ran into the same issue of there not being a mode for salted PeopleSoft hashes.

Thank you for any info you have!