Find salt from hash - password - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: Find salt from hash - password (/thread-10681.html) |
Find salt from hash - password - bobox - 03-24-2022 Hi there ! Need some help, to find the best way for that: I have the SHA1 hash, i known the password, i have parts of possible salt from hex file I search what part of file and how is used as salt Whats the best way to find this ? Thanks RE: Find salt from hash - password - Snoopy - 03-24-2022 is the salt fixed size? hashcat will not really help you, except you generate a list with all possible sha1alt combinations beforehand and then attack this list with your password, all you have to do is to generate this list, you can use hashcat --stdout or maskprocessor to help you building this list RE: Find salt from hash - password - bobox - 03-25-2022 (03-24-2022, 02:12 PM)Snoopy Wrote: is the salt fixed size? Hi, Thanks I suppose to have a salt, but not sure, extracted from hex file userTable6 from Alcatel switch with admin rights Is there anything about Alcatel ? i'm confused because we can find lot of modes but nothing about alcatel ?! They are Gods of Security ? RE: Find salt from hash - password - Snoopy - 03-25-2022 if you have admin rights and or access to this router, the best thing would be generating examples with known usernames and passwords and extract the data from the file/tabel you mentioned first of all, why do you think its sha1 (your initial question) there is no need for hashcat to support all types of vendors if they stick to some standard hashalgorithms which are already supported by hashcat RE: Find salt from hash - password - bobox - 03-25-2022 Its what i ve done But no samples i make works I think sha1 by size and from security doc found Finally. I understand thé non interest but impressionated by the secret guard by Alcatel RE: Find salt from hash - password - Snoopy - 03-28-2022 can you share the docs/links you found? if it is really sha1 then Alcatel maybe used some obfuscation like splitting the hash, reverse the content and the hashparts itself, adding a fixed salt or a generic one like mac-adress or similar to figure out how, well this is called reverse engineering and would take some time, maybe someone else already did this, most security researchers would start with the firmware of the router and try to figure out how passwort hashing is done |