Confused by the suffixes and parameters
#1
Hi all,

First of all, glad to see such an active community around this programme, hopefully I can get some help here! I'm running W7x64 on an i7 mobile with a GT640M with 384 CUDA cores so I assume cudaHashcat-plus64 is my best bet?

I've got an SHA-1 hash, salted with a 64-bit random number, that's about the only info I have. It is unlikely to be a widely used password so I assume dictionaries are useless.

Fake hash:
Code:
814120311f1d3e33bcbf92a37b16f30db5671fb1
Fake salt:
Code:
ac2ea0480326b810

What would be the exact appropriate command line to decrypt this combination of hash + salt? I'm getting especially confused at this part:
Code:
100 = SHA1
110 = sha1($pass.$salt)
120 = sha1($salt.$pass)
130 = sha1(unicode($pass).$salt)
140 = sha1($salt.unicode($pass))
How do I know which one I have to pick? And do I have to put the hash + salt in a certain format?

I know about learning someone to fish instead of catching a fish for him but if somebody could prep the entire command line using the fake data above for me and post it here I would be very grateful!

PS: I'm pretty sure tho the password only contains letters, numbers, periods ( . ), and dashes/minuses ( - ). Also, for password acceptance there is no difference between upper case and lower case. How do I set this up, -1 $l$u$d.- doesn't seem to work...
#2
(10-07-2013, 09:17 PM)JayPee Wrote: How do I know which one I have to pick?

use the source, or guess intelligently


(10-07-2013, 09:17 PM)JayPee Wrote: And do I have to put the hash + salt in a certain format?

yes, the format is hashConfusedalt

(10-07-2013, 09:17 PM)JayPee Wrote: I'm pretty sure tho the password only contains letters, numbers, periods ( . ), and dashes/minuses ( - ). Also, for password acceptance there is no difference between upper case and lower case. How do I set this up, -1 $l$u$d.- doesn't seem to work...

you have the right idea, but you're not doing it right. first, it's ?, not $. second, you said there's no difference between ?l and ?u, so you wouldn't want to use both in your charset, you'd be increasing the keyspace for no reason.

so based on what you said above, you'd want to use a custom charset of -1 ?u?d.-
#3
I'm not sure I understand. I quote the information about the source:

The password itself is not stored as clear text; it's stored as a 160-bit SHA-1 hash, salted with a 64-bit random number.

This is the only info I have, plus the hash and salt itself ofcourse. Based on this, how would I possibly know or guess intelligently whether to use 110, 120, etc.?

Furthermore, after digging a bit deeper I have reason to believe the password will contain only digits.

My guess is I should use this format when I want to brute force using only digits:
Code:
cudahashcat-plus64 -a 3 -1=?d --hex-salt --outfile=JP.txt -m 110 c078b3ef623be6d95f3e7e4af23c4aead10abe38:b4520cf4f2fdbbed
However, it somehow does not take -1=?d into account and still attempts to brute force using upper, lower, digits, and special chars.
#4
(10-08-2013, 09:22 AM)JayPee Wrote: Based on this, how would I possibly know or guess intelligently whether to use 110, 120, etc.?

there is no way to know that based on the information you provided. so you either need to examine the source code, or just guess. it won't take long to try each algorithm if the password contains only digits.

(10-08-2013, 09:22 AM)JayPee Wrote: it somehow does not take -1=?d into account and still attempts to brute force using upper, lower, digits, and special chars.

that's because all you've done is define a custom charset... you haven't actually told hashcat how to use that charset. also, you don't need to define a custom charset that points to a built-in charset, that doesn't make any sense.

have a look at http://hashcat.net/wiki/doku.php?id=mask_attack
#5
Thanks! Now I understand the difference between defining a custom charset -which I indeed do not need to do- and actually giving the command to use a charset - which I do need to do.