Please help this newbie
#1
My mother used a cloud storage with password to store her family photographs, and now—years later--, she only remembers part of the password.   The good news is that the password is short and she remembers all or most of the characters.  However, I’ve been struggling with hashcat for weeks, trying to figure out which settings to use for it to recognize the hash. 

I know that her account uses PBKDF2 with an “initialization vector”, and I’ve tried nearly every possible algorithm. The hash is not recognized.  
 
Two questions I’m struggling with are:  

Where do I use the initialization vector?   Does this hash need to be converted to base64, and if so, how can I do that? 
 
Any help would be appreciated.





Any help would be appreciated.
Reply
#2
https://hashcat.net/wiki/doku.php?id=example_hashes
Reply
#3
(11-11-2022, 11:03 AM)marc1n Wrote: https://hashcat.net/wiki/doku.php?id=example_hashes

For the last week, I've been using these examples, but I just can't get any to work with the hash.  It seems that the hash may need to be converted/combined, but I can't figure out how to do that.
Reply
#4
(11-11-2022, 07:23 PM)heather Wrote: For the last week, I've been using these examples, but I just can't get any to work with the hash.  It seems that the hash may need to be converted/combined, but I can't figure out how to do that.

In other words, it sounds like your hashmode is unsupported by hashcat and a plugin or module would need to be built for it.
Reply
#5
(11-11-2022, 10:52 PM)slyexe Wrote: In other words, it sounds like your hashmode is unsupported by hashcat and a plugin or module would need to be built for it.

As reminder, I have not even figured out how to incorporate the initialization vector into the hash.  Before determining it's "unsupported", wouldn't I need to do that first and then convert to base64?.  I'm so lost.  Can you tell me why you believe it's unsupported?
Reply
#6
(11-12-2022, 01:57 AM)heather Wrote:
(11-11-2022, 10:52 PM)slyexe Wrote: In other words, it sounds like your hashmode is unsupported by hashcat and a plugin or module would need to be built for it.

As reminder, I have not even figured out how to incorporate the initialization vector into the hash.  Before determining it's "unsupported", wouldn't I need to do that first and then convert to base64?.  I'm so lost.  Can you tell me why you believe it's unsupported?

You have some sort of hash, right? Can you post it here?
Reply
#7
Yes I can! 

 This is the IV hash:    

Code:
15bdb4a5-7d42-44df-8656-e2fbfadf938c

and this is the "key" hash:

Code:
f4bc9defa0dfea5e20bd4f774a4ec9302f64aa05775967236e5baceb986362be1f360d67e7a4228072c02ea43c7f3235
Reply
#8
Well if you know most of the characters, can't you just make a table of all permutations of the possible passwords and try them one at a time. It's not cracking the hash or using hashcat, but it might allow you to get your pictures back....
Reply
#9
Im not quite sure, but i think something missing.

How did you get the IV and hash from a cloudstorage? is there any export function? if yes, how can you export these data without primary signin in?

some other aspects like iterations are also not mentioned, i dont think that you have all the data you need to crack these password
Reply
#10
(11-21-2022, 10:33 PM)drsnooker Wrote: Well if you know most of the characters, can't you just make a table of all permutations of the possible passwords and try them one at a time. It's not cracking the hash or using hashcat, but it might allow you to get your pictures back....

That's a good idea, but there are too many permutations (at least thousands) for me to try it by hand.
Reply