PBKDF2 AES 256/CBC
#1
I would like some help in determining which algorithm to use for decrypting the following hash that used PBKDF2 (AES 256/CBC).


Code:
9b968a5c3888d1b959bce46371dbc037c0874575af523467d3896fe608fdc2fb0ff122fdc9680c0bdd7aff0db66cf7b5


The password is testtesttest

I am not certain about the following, but I believe when the password is salted with 58248916-e804-465c-85d2-bd5da4a805cf, it generates,
Code:
fddb8f9b6a1e7c39ddefabe933f4104e2842d8e252b0cf1dd1a04457939ad47




Thank you.
#2
I inadvertently omitted a character in the salted hash (second hash) that I posted above. The correct salted hash is: 

Code:
1fddb8f9b6a1e7c39ddefabe933f4104e2842d8e252b0cf1dd1a04457939ad47
#3
Thank you. I tried these on both hashes, but none worked. However, I'm not sure how to format the hash with the salt. Do I paste the salt at the beginning of the hash/key?
#4
(11-07-2022, 09:46 PM)marc1n Wrote: https://hashcat.net/wiki/doku.php?id=example_hashes

Thanks again. Apologies for my naivety, but in looking at the example hashes of the 8 "recognized hashes", I don't see any obvious file separator where an iv/salt would be inserted. Can you guide me a little more? Thanks.
#5
I'm still struggling with this and hoping someone can give me a hint. At this point, I'm trying to figure out how to combine the salt with the hash. The examples didn't help, unfortunately.

Thanks
#6
Are you sure it is a hash or is it encrypted text?
Code:
$ echo -n 'the quick brown fox jumps over the lazy old dogs back' | openssl aes-256-cbc -e -salt -pbkdf2 -iter 10000 -out ciphertext.enc -p
enter AES-256-CBC encryption password: testtest
Verifying - enter AES-256-CBC encryption password:
salt=F903D4DDFAC55AF1
key=AD6197A8AE7A4AF2FD58B74FA4D1B5C7F4480B1BAD8A164D64652C4DD3EBDFC0
iv =EDA1AF9277A3BA6F4B4B14808D39A5D1

Will say that there is absolutely no chance to identify the underlying algorithm for your posted encrypted text.
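An added example (not part of the post above, and not OpenSSL's or hashcat's own code) of what the `openssl aes-256-cbc -salt -pbkdf2 -iter 10000` command in that post produces: PBKDF2 only derives the AES key and IV, and the output file is the `Salted__` magic, the 8-byte salt, then the CBC ciphertext. SHA-256 as the PBKDF2 digest is an assumption (the `openssl enc` default since OpenSSL 1.1.0), the function names are illustrative, and the sample blob is constructed.

```python
import hashlib

MAGIC = b"Salted__"   # 8-byte header written by `openssl enc -salt`
AES_BLOCK = 16        # AES block size in bytes


def parse_openssl_enc(blob: bytes):
    """Split `openssl enc -salt` output into (salt, ciphertext)."""
    if len(blob) < 16 or not blob.startswith(MAGIC):
        raise ValueError("no 'Salted__' header: not `openssl enc -salt` output")
    salt, ciphertext = blob[8:16], blob[16:]
    if not ciphertext or len(ciphertext) % AES_BLOCK:
        raise ValueError("CBC ciphertext must be a non-empty multiple of 16 bytes")
    return salt, ciphertext


def derive_key_iv(password: bytes, salt: bytes, iterations: int = 10000):
    """One PBKDF2-HMAC-SHA256 call yields 48 bytes: AES-256 key, then CBC IV.

    Assumption: the digest is SHA-256; `-md` on the command line changes it.
    """
    material = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, 32 + 16)
    return material[:32], material[32:]


def padded_len(plaintext_len: int) -> int:
    """Ciphertext length after PKCS#7 padding (always adds 1..16 bytes)."""
    return (plaintext_len // AES_BLOCK + 1) * AES_BLOCK


def describe(blob: bytes, password: bytes):
    """Summarise the file layout and the derived key material."""
    salt, ciphertext = parse_openssl_enc(blob)
    key, iv = derive_key_iv(password, salt)
    return {"salt": salt.hex().upper(), "key_len": len(key),
            "iv_len": len(iv), "blocks": len(ciphertext) // AES_BLOCK}


# Constructed sample: real header layout with the salt shown in the session,
# followed by zero bytes standing in for the ciphertext of a 53-byte message.
SAMPLE = MAGIC + bytes.fromhex("F903D4DDFAC55AF1") + bytes(padded_len(53))

if __name__ == "__main__":
    print(describe(SAMPLE, b"testtest"))
```

With the password and salt from a run that used `-p`, the output of `derive_key_iv` can be compared against the `key=` and `iv =` lines OpenSSL prints.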
#7
(11-16-2022, 08:46 PM)ZerBea Wrote: Are you sure it is a hash or is it encrypted text?

Thank you. It is not encrypted text. I further determined that the first string I posted is the hash, i.e.,

Code:
9b968a5c3888d1b959bce46371dbc037c0874575af523467d3896fe608fdc2fb0ff122fdc9680c0bdd7aff0db66cf7b5

and the salt is 

 58248916-e804-465c-85d2-bd5da4a805cf 
#8
In that case (it is a hash) hashcat isn't useful (PBKDF2-HMAC-AES-256-CBC) because it only provides these generic KDF functions:
Code:
11900 | PBKDF2-HMAC-MD5                                            | Generic KDF
12000 | PBKDF2-HMAC-SHA1                                           | Generic KDF
10900 | PBKDF2-HMAC-SHA256                                         | Generic KDF
12100 | PBKDF2-HMAC-SHA512                                         | Generic KDF
#9
(11-17-2022, 08:01 AM)ZerBea Wrote: In that case (it is a hash) hashcat isn't useful (PBKDF2-HMAC-AES-256-CBC) because it only provides these generic KDF functions:
Code:
11900 | PBKDF2-HMAC-MD5                                            | Generic KDF
12000 | PBKDF2-HMAC-SHA1                                          | Generic KDF
10900 | PBKDF2-HMAC-SHA256                                        | Generic KDF
12100 | PBKDF2-HMAC-SHA512                                        | Generic KDF


Thank you. Do you have any suggestions on what alternatives I might search for?
#10
I'm still trying to get this to work. If I can find the algorithm used to create the hash, is it difficult to create a module to use with Hashcat?