Help for a noob
#1
Hi, i'm a noob of this program.
I need help cracking an hash.

I know:
- plaintext
- hash of the plaintext (it seems an md5)

I need to know what algorithm it's used to generate that hash (if they use salt etc...). 
It is possible to do that using hashcat?

I know it's not a simple task, because there are infinite possible combination of algoritms that can be used to generate an hash.
However, i'd like to give it a try and do at least these attacks (that are supported by hashcat):
  • md5($pass.$salt)

  • md5($salt.$pass)

  • md5(unicode($pass).$salt)

  • md5($salt.unicode($pass))

  • md5(sha1($pass))

  • md5($salt.md5($pass))

  • md5($salt.$pass.$salt)

  • md5(strtoupper(md5($pass)))
What commandline parameters can I use to do these attacks?
#2
I guess if it's 32 alphanumeric chars it is MD5 but then to corectly guess what you're asking for, if it's salted you'll have to bruteforce the salt and it's position ...

but you can also try thoses two for example wich are not salted

md5(strtoupper(md5($pass)))
md5(sha1($pass))
#3
(09-15-2015, 04:05 PM)alert Wrote: but you can  also try thoses two for example  wich are not salted
md5(strtoupper(md5($pass)))
md5(sha1($pass))
I tried these, but it doesn't work. Probably it's salted.


(09-15-2015, 04:05 PM)alert Wrote: I guess if it's 32 alphanumeric chars it is MD5 but then to corectly guess what you're asking for, if it's salted you'll have to bruteforce the salt and it's position ...
Yes, it's 32 alphanumeric chars.
What commandline parameters can I use to bruteforce salt?

For example, let's start with this:
md5($pass.$salt)
if i understood what you said, I need to to this:
pass
passa
passb
passc
....
passaa
passab
...
and so on...
What commandline parameters can I use to do this?
Can I use a dictionary for salt instead of brute-force?
#4
I'm no expert but i'm pretty sure yes,

in fact after reading docs,

command: -a 3 password?d
keyspace: password0 - password9

you just specify a pattern .(or mask) .. for bruteforce Smile

and you'll find your way with dictionnary(straight) Wink

and then again you're not sure of the salt position (salt.pass|pass.salt|p.s.a.a.s.l.s.t.word|.....)

and I'd say, but have little experience, salt usualy is quite random ... not easily coming out from a wordlist

good luck