hashcat Forum
how should i crack this type of hash (sha1 & salt) - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: how should i crack this type of hash (sha1 & salt) (/thread-9143.html)

Pages: 1 2

how should i crack this type of hash (sha1 & salt) - iamatx - 04-18-2020

mail                    | crypted_password                                                        |  salt
  
dp@gmail.com:848XXXc9e5baf34d6dba20XXX755f4984b6d77cc:725372XXX5e22195365fbf266cd3aXXX20f1c140

w@gmail.com:00XXXX759d68827b090c63dcXXX115361fd5dc0c:NULL

its sha1 i think i can't figure out
help Tongue

RE: how should i crack this type of hash (sha1 & salt) - philsmd - 04-18-2020

The only way to know for sure is to have the source code (algorithm, or name and version of the platform, cms etc) that generated the hashes ... or to guess the algorithm by having at least one user for which you are 100% (one HUNDRED percent) sure about the password.

otherwise it's just a lame guessing game that could be impossible to solve (because there could be too many ways how the passwords could be hashed (like sha1 (sha1 ($s . sha1 ($s . $p) . $s) . $p) etc)

RE: how should i crack this type of hash (sha1 & salt) - iamatx - 04-18-2020

i used this website https://hashes.com/decrypt/basic/
e77d773f8aa5c12ef649d33e731fb58c66bee9e5:74e3c24fd83d92ea72383e9b3a4292bdfb8eb174
and
cracked this got
e77d773f8aa5c12ef649d33e731fb58c66bee9e5:37346533633234666438336439326561373233383365396233613432393262646662386562313734:7365637265743838:SHA1DASH

e77d773f8aa5c12ef649d33e731fb58c66bee9e5:74e3c24fd83d92ea72383e9b3a4292bdfb8eb174Confusedecret88

e77d773f8aa5c12ef649d33e731fb58c66bee9e5:74e3c24fd83d92ea72383e9b3a4292bdfb8eb174Confusedecret88:SHA1DASH

RE: how should i crack this type of hash (sha1 & salt) - iamatx - 04-18-2020

SHA-1('--'.$salt.'--'.$pass.'--') it algo

RE: how should i crack this type of hash (sha1 & salt) - philsmd - 04-18-2020

you are NOT allowed to post hashes. read the forum rules. You will get banned by not following the rules.

As far as I understand, you are saying the algorithm is basically:
Code:
echo -n --74e3c24fd83d92ea72383e9b3a4292bdfb8eb174--secret88-- | sha1sum

so you must use -m 120 with a salt of "--74e3c24fd83d92ea72383e9b3a4292bdfb8eb174--" (without quotes):
Code:
hash:salt

where salt is --74e3c24fd83d92ea72383e9b3a4292bdfb8eb174--

furthermore you need to apply the rule: $- $-
i.e. the append rule function is used twice to add both of the dashes

append_two_dashes.txt:
Code:
$- $-

Code:
hashcat -m 120 -r rules/best64.rule -r append_two_dashes.txt hashes_with_dashed_salts.txt rockyou.txt


RE: how should i crack this type of hash (sha1 & salt) - iamatx - 04-19-2020

sorry for hash thanks for the help

hashcat -m 120 -r rules/best64.rule --username -r append_two_dashes.txt hashes_with_dashed_salts.txt rockyou.txt

hashes_with_dashed_salts.txt=
a@gmail.com:848XXXc9e5baf34d6dba20XXX755f4984b6d77cc:74e3c24fd83d92ea72383e9b3a4292bdfb8exxxx

it's that correct?

and just one more help sorry for Tongue
(and am using gtx 1660 super but its giving me jus 8k-khs speed for md5 i used -w 3 update drivers still)
  

RE: how should i crack this type of hash (sha1 & salt) - philsmd - 04-19-2020

no, the salt must be with the dashes:
a@gmail.com:848XXXc9e5baf34d6dba20XXX755f4984b6d77cc:--74e3c24fd83d92ea72383e9b3a4292bdfb8exxxx--

if you add users, you need to use --username to skip them.

for salted hashes the hash rate depends a lot on the number of salts.

It also depends on the number of rules and how huge your word list is. Normally, we would suggest to use -O too, but you might already be very close to the maximum length (55) if you combine salt and pass with optimized kernels (-O)... Therefore, it might not be worth the risk of not being able to crack the hashes (just because -O might fail because the combination is "too long").

RE: how should i crack this type of hash (sha1 & salt) - iamatx - 04-19-2020

okay thankyou 
for two dashes have to put it manually or "-r append_two_dashes.txt"
this is okay?

RE: how should i crack this type of hash (sha1 & salt) - philsmd - 04-19-2020

6 dashes total = 2+2 (around salt) + 2 (after pass)

the rules only add 2 dashes, that's why I named the file append_two_dashes.txt

RE: how should i crack this type of hash (sha1 & salt) - iamatx - 04-19-2020

so final this

a@gmail.com:--passhash:--salt--

or

a@gmail.com:--salt--:--passhash
.txt file ?
thankyou