hashcat Forum
Same password with two hashes - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Same password with two hashes (/thread-11413.html)



Same password with two hashes - Emkei - 05-03-2023

Hello, I have two different SHA-1 (raw) hashes from a CTF game:
  • 2410911A7F9B916388D5782CA2F75488BFA*****
  • 63BBC0E1CF5FB647B51CC8C95A82BA30D05*****

Both hashes were cracked on the server onlinehashcrack.com as "tapinak" (without quotes, both passwords were marked as seven chars long so no white spaces are present).

I have no problem understanding the first hash, because of:

Code:
IN: echo -n tapinak | openssl sha1

OUT: SHA1(stdin)= 2410911a7f9b916388d5782ca2f75488bfa*****


I have a feeling that the encoding is the problem regarding the second hash, but I have no idea how to get that hash from the word "tapinak". Trying several encoding (windows-1250, utf-7, unicode, ISO-8859-2, ...) I always get the hash starting 24109... with some exceptions (below) but no hash starts with 63BBC0...:

Code:
IN: echo -n tapinak | iconv -t utf16le | openssl sha1
OUT: (stdin)= cb7d3774892aab8cafa90a34b2ae47cce65*****

IN: echo -n tapinak | iconv -t utf16be | openssl sha1
OUT: (stdin)= f2d090da947a8b9bbe1dcf82beba8d8493b*****


What am I overlooking? Any obscure encoding or it has nothing to do with encoding? Using hashcat I can crack only the first hash starting with 24109... (wordlist attack, brute-force attack) so how to tweak the hashcat parameters to be able to crack the second hash if I already know the password from the server onlinehashcrack.com? The same result with John The Ripper, it can crack only the first hash...

Thank you in advance for your help.


RE: Same password with two hashes - nick8606 - 05-03-2023

The 2nd hash is sha1('tapinak1')


RE: Same password with two hashes - Emkei - 05-03-2023

(05-03-2023, 01:05 PM)nick8606 Wrote: The 2nd hash is sha1('tapinak1')

Thank you, nick8606! The onlinehashcrack.com has led me astray, it has probably a faulty rainbow table.

[Image: xk18PVSH]