bcrypt hash with salt - hashcat Forum (https://hashcat.net/forum), thread /thread-7969.html
RE: bcrypt hash with salt - Loopy - 11-27-2018

Undeath, epixoip, and Mem5 are absolutely correct about your chances to brute force bcrypt from nothing, assuming a password of normal or greater length and complexity. Listen to them.

If you absolutely have to get the password and know nothing about it to make a more educated mask, you may want to generate a wordlist from other files on the drive using strings or something similar, then try the bcrypt again with that wordlist and maybe some rules (attack mode 0, instead of mask do /path/to/wordlist and -r /path/to/rule). Depending on the OS and version the bcrypt is from, you may also have better luck cracking the user/root passwords from the shadow/master.passwd file, and using those as intel for the bcrypt password depending on what else you may know. Usually, the hashing methods used for the shadow/passwd files are faster than bcrypt.

For the sake of knowledge and learning, you don't need to use a custom character set 1 to specify ?a and then use the mask ?1. You can directly call/reference ?a as your password candidate mask - i.e., in your example, you can do

Code:
hashcat -m 3200 -a 3 hashes.txt ?a?a?a?a?a?a?a?a?a?a

Another tip is that with a specific mask of length 10, as you use, hashcat will not automatically try passwords of length 1 through 9. You can solve this with the "-i" option, for increment, in concert with "--increment-min=x" and "--increment-max=y", as needed. For example,

Code:
hashcat -m 3200 -a 3 -i --increment-min=1 --increment-max=10 hashes.txt ?a?a?a?a?a?a?a?a?a?a

Back to my hole.

(11-22-2018, 04:38 PM)sleclerc Wrote:
if I use the following command
hashcat -m 3200 -a 3 -1 ?a hashes.txt ?1?1?1?1?1?1?1?1?1?1

RE: bcrypt hash with salt - sleclerc - 11-28-2018

Thank you for the response. From the example you provided, how does hashcat know what salt to use? Do I add the salt at the end of the line?

RE: bcrypt hash with salt - undeath - 11-28-2018

The salt is usually part of the bcrypt hash itself.
If you have an additional salt that is non-standard, you either have to incorporate it into your attack somehow or hack the kernel.
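The layout undeath refers to, as an added example that is not part of the original thread: a standard bcrypt string carries the variant, the cost and the 16-byte salt in front of the digest, so no separate salt field exists on the hash line. The function name `parse_bcrypt` and the sample hash are constructed for illustration.

```python
import base64
import re

# bcrypt uses its own base64 alphabet; map it onto the standard one to decode.
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_TO_STD = str.maketrans(BCRYPT_B64, STD_B64)

# Layout: $<variant>$<two-digit cost>$<22-char salt><31-char digest>
_BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)


def _decode(text):
    """Decode bcrypt-flavoured base64 (no padding characters in the string)."""
    padded = text.translate(_TO_STD) + "=" * (-len(text) % 4)
    return base64.b64decode(padded)


def parse_bcrypt(hash_line):
    """Split a bcrypt string into its fields; raise ValueError if malformed."""
    m = _BCRYPT_RE.fullmatch(hash_line.strip())
    if m is None:
        raise ValueError("not a standard bcrypt hash string")
    variant, cost, salt_b64, digest_b64 = m.groups()
    cost = int(cost)
    if not 4 <= cost <= 31:
        raise ValueError("bcrypt cost must be between 4 and 31")
    return {
        "variant": variant,
        "cost": cost,
        "iterations": 2 ** cost,   # cost is log2 of the key-expansion rounds
        "salt_b64": salt_b64,
        "salt": _decode(salt_b64),  # always 16 raw bytes
        "digest_b64": digest_b64,
    }


# Constructed sample with the right shape; it is not a hash of any real password.
SAMPLE = "$2b$12$" + "abcdefghijklmnopqrstuu" + "0123456789ABCDEFGHIJKLMNOPQRSTU"

if __name__ == "__main__":
    info = parse_bcrypt(SAMPLE)
    print("variant:", info["variant"], "cost:", info["cost"],
          "iterations:", info["iterations"])
    print("embedded salt:", info["salt_b64"], "->", info["salt"].hex())
```

Run against a stored hash, this shows the work factor in use, which is what determines how slow each guess is.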