+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: After reading and trying a lot I need help to use hashcat / recover my own password (/thread-12471.html)
After reading and trying a lot I need help to use hashcat / recover my own password - yasmich - 01-15-2025
Hi everyone,
Well, it seems like I had to start getting to know this world a bit for my own mistake of forgetting a password for installing a digital certificate.
I went through a hell of paperwork to get to the final step of being able to install the digital certificate of our non profit but I need to introduce a password I had to set up at the beginning of the process and I can't remember it.
The password needs to be introduced in a downloaded program and going through the program files, I got the following information:
# ----------------------------------------------------------------------
# Template for jmxremote.password
#
# o Copy this template to jmxremote.password
# o Set the user/password entries in jmxremote.password
# o Change the permission of jmxremote.password to be accessible
# only by the owner.
# o The jmxremote.passwords file will be re-written by the server
# to replace all plain text passwords with hashed passwords when
# the file is read by the server.
#
##############################################################
# Password File for Remote JMX Monitoring
##############################################################
#
# Password file for Remote JMX API access to monitoring. This
# file defines the different roles and their passwords. The access
# control file (jmxremote.access by default) defines the allowed
# access for each role. To be functional, a role must have an entry
# in both the password and the access files.
#
# Default location of this file is $JRE/conf/management/jmxremote.password
# You can specify an alternate location by specifying a property in
# the management config file $JRE/conf/management/management.properties
# or by specifying a system property (See that file for details).
##############################################################
# File format of the jmxremote.password file
##############################################################
#
# The file contains multiple lines where each line is blank,
# a comment (like this one), or a password entry.
#
# password entry follows the below syntax
# role_name W [clearPassword|hashedPassword]
#
# role_name is any string that does not itself contain spaces or tabs.
# W = spaces or tabs
#
# Passwords can be specified via clear text or via a hash. Clear text password
# is any string that does not contain spaces or tabs. Hashed passwords must
# follow the below format.
# hashedPassword = base64_encoded_64_byte_salt W base64_encoded_hash W hash_algorithm
# where,
# base64_encoded_64_byte_salt = 64 byte random salt
# base64_encoded_hash = Hash_algorithm(password + salt)
# W = spaces or tabs
# hash_algorithm = Algorithm string specified using the format below
# https://docs.oracle.com/javase/9/docs/specs/security/standard-names.html#messagedigest-algorithms
# This is an optional field. If not specified, SHA3-512 will be assumed.
#
# If passwords are in clear, they will be overwritten by their hash if all of
# the below criteria are met.
# * com.sun.management.jmxremote.password.toHashes property is set to true in
# management.properties file
# * the password file is writable
# * the system security policy allows writing into the password file, if a
# security manager is configured
#
# In order to change the password for a role, replace the hashed password entry
# with a new clear text password or a new hashed password. If the new password
# is in clear, it will be replaced with its hash when a new login attempt is made.
#
# A given role should have at most one entry in this file. If a role
# has no entry, it has no access.
# If multiple entries are found for the same role name, then the last one
# is used.
#
# A user generated hashed password file can also be used instead of clear-text
# password file. If generated by the user, hashed passwords must follow the
# format specified above.
#
# Caution: It is recommended not to edit the password file while the
# agent is running, as edits could be lost if a client connection triggers the
# hashing of the password file at the same time that the file is externally modified.
# The integrity of the file is guaranteed, but any external edits made to the
# file during the short period between the time that the agent reads the file
# and the time that it writes it back might get lost
##############################################################
# File permissions of the jmxremote.password file
##############################################################
# This file must be made accessible by ONLY the owner,
# otherwise the program will exit with an error.
#
# In a typical installation, this file can be accessed by anybody on the
# local machine, and possibly by people on other machines.
# For security, you should either restrict the access to this file except for owner,
# or specify another, less accessible file in the management config file
# as described above.
#
# In order to prevent inadverent edits to the password file in the
# production environment, it is recommended to deploy a read-only
# hashed password file. The hashed entries for clear passwords can be generated
# in advance by running the JMX agent.
#
##############################################################
# Sample of the jmxremote.password file
##############################################################
# Following are two commented-out entries. The "monitorRole" role has
# password "QED". The "controlRole" role has password "R&D". This is an example
# of specifying passwords in the clear
#
# monitorRole QED
# controlRole R&D
#
# Once a login attempt is made, passwords will be hashed and the file will have
# below entries with clear passwords overwritten by their respective
# SHA3-512 hash
after which two lines of hashse are given after a monitorRole and controlRole being titled
I installed hashcat (I use linux) and try to make it work but I got the "No hash-mode matches the structure of the input hash." error message so I thought maybe I am using the wrong input number 17600 for Sha3-512 and went to https://crackstation.net/ to check the hash and it says "Unrecognized hash format".
So I am now totally lost with all my efforts.
I really need the digital certificate and I have no idea how to retrieve that password.
Thank you for your help
RE: After reading and trying a lot I need help to use hashcat / recover my own password - Snoopy - 01-15-2025
short answer, not supported but maybe possible to attack
long answer
given your infos your hashentries looks like this: Base_64_SALT Base_64_HASH Algorithm
with HASH = SHA3-512(password + salt)
mode 17600 is just plain sha3-512(password), so salted sha-3 is not supported and also the base64_encoding for input/output
i didnt' find any other mode that seems to fit these given parameters, so your input doenst fit
given the fact you want to attack just one hash, you could decode the base64_values but then you will run into the next problem when it come to sha3-512(password + salt) as input for mode 17600
you could try to utilize a combintator attack with
dict1(passwords) dict2(salt) to mimic a salted input, this attack vector needs to be verified by trying it with a "known" password beforehand as you cannot really now how sha3-512(password + salt) is implemented by your programm, could be just (passwordsalt) or (password
alt) or (password salt) so these possible attack needs to be verified with an known password