08-30-2017, 11:31 PM
I'd like to audit some WordPress hashes. Hash format is 00112233445566778899aabbccddeeff:0011. According to documentation, its format is md5($salt.$pass), AKA phpass. A quick test with JtR shows that the format is correct: known test hashes are successfully cracked (using --format=phpass).
Using hashcat, the hashes are not accepted:
- m=400: format is incorrect according to https://hashcat.net/wiki/doku.php?id=example_hashes:
400 phpass, WordPress (MD5), Joomla (MD5) $P$984478476IagS59wHZvyQMArzfx58u.
Makes sense, hashcat is expecting $P$etc.
- m=20: format is incorrect according to https://hashcat.net/wiki/doku.php?id=example_hashes:
20 md5($salt.$pass) f0fda58630310a6dd91a7d8f0a4ceda2:4225637426
Makes sense as well: my salt is shorter than expected, 4 instead of 10 nibbles.