cracking salted SHA1 - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: cracking salted SHA1 (/thread-7615.html) Pages:
1
2
|
RE: cracking salted SHA1 - fhd - 06-28-2018 (06-28-2018, 06:35 PM)undeath Wrote: don't use --hex-salt if your salt is not hex-encoded how can i know if it hex-encoded or not ? RE: cracking salted SHA1 - fhd - 06-29-2018 Hmmmmmm RE: cracking salted SHA1 - james79 - 09-22-2018 I'm trying to crack SHA1 hashes that look like this: Code: 0dbe0f2f378aa1861fcf30da82cc52f88fd7de1f:98bdb It seems to me this is wrong for a hex encoded salt. If it is a salt, I have no idea what it is. Does anyone know what this odd sha1 format is? RE: cracking salted SHA1 - atom - 09-24-2018 It does look like hex but I doubt that it is becuase true hex encoding would require an even number of characters as salt. RE: cracking salted SHA1 - james79 - 09-25-2018 (06-28-2018, 03:19 PM)fhd Wrote: Hi there, I ran into a similar problem. With the first two demo hashes, remove the prepended data carefully. If I understand this, the first two hashes might be SHA1 with salt or not. So make them like this: 8321515fd59efda4793e68ad364dd9acfaaef*** 8321515fd59efda4793e68ad364dd9acfaaef*** Perhaps the salts were prepended there, and if that is the case, put in this format: 8321515fd59efda4793e68ad364dd9acfaaef***:9***b 8321515fd59efda4793e68ad364dd9acfaaef***:9***b The last hash looks more reasonable, if it's a sha1($salt$plain): 8321515fd59efda4793e68ad364dd9acfaaef***:9***b It doesn't matter if the apparent hex chars don't quite stack up. Sometimes, the hashing scheme does not convert the hash to binary first, then output hex encoded salt. So the salts here are very likely just plain text salts that look like hex encoded salts with a char missing, like this sha1("91a2b".$pass). Put your hashes in this format, on the assumption it's sha1($salt$plain) with the salt as plain chars: 8321515fd59efda4793e68ad364dd9acfaaef***:9***b (in a file, e.g. hashes.txt) Now you can use hashcat mode 120 sha1($salt$plain): hashcat -a 0 -m 120 [other-options] hashes.txt wordlist.txt -r rules/best64.rule for example, where wordlist.txt is your selection of passwords, e.g. rockyou or something, and stick in a rule file if you don't get much without one. Rule files are very powerful. Hashcat is smart enough not to make assumptions, even though it looks like a bad hex encoded salt. So leave out options to specify hex encoding and just crack as usual. Hope this helps... |