Trying to understand what I'm doing. SHA1. sha1($pass.$salt)
hashcat Forum (https://hashcat.net/forum) - Forum: Very old oclHashcat-lite Support

Trying to understand what I'm doing. SHA1. sha1($pass.$salt) - beachtrip - 03-27-2013

So I've been trying to use JTR to crack a text file I've created that contains the following:

Code:
iamUser:3####7C7#C318F5####40#B####C42####AC##05E######26

username:hash

Now reading the Wiki, it states:

Quote:
Due to its architecture, only XXX($pass.$salt) algorithms can be implemented. Algorithms using the opposite XXX($salt.$pass) can not be implemented.

Now I'm guessing the username is the "salt" so to be able to use oclHashcat-lite I need to reverse the text file?

This is JTR output: salted SHA-1 [128/128 SSE2 intrinsics 8x]

I'm really lost so I'm trying to put things together. Sorry if this is a stupid question.

Thanks,
Beach

RE: Trying to understand what I'm doing. SHA1. sha1($pass.$salt) - epixoip - 03-27-2013

sha1(pass.salt) and sha1(salt.pass) are two different algorithms. if you need sha1(salt.pass) then you cannot use lite.

but if you have a hash in user:hash format, what leads you to believe it is a salted algorithm? are you sure the password is salted with the username? if so, are you positive the algorithm is sha1(pass.salt)?

RE: Trying to understand what I'm doing. SHA1. sha1($pass.$salt) - beachtrip - 03-27-2013

Wow! Thanks for the quick response. I'm using this tutorial: http://www.hackmac.org/tutorials/decrypt-os-x-user-account-passwords/ on a VM of my old computer.

The tutorial says JTR should report "Loaded 1 password hash (Mac OS X 10.4+ salted SHA1 [32/64]"

RE: Trying to understand what I'm doing. SHA1. sha1($pass.$salt) - epixoip - 03-27-2013

oh, osx 10.4 hashes, ok. so in that case, you will need to do a little work to use hashcat with this algorithm.

the algorithm is sha1(salt.pass), and the salt is a four-byte hex salt prepended to the hash string. consider the example hash A320163F1E6DB42C3949F7E232888ACC7DB7A0A17E493DBA with a password of "test". the first eight characters are the salt, and the remaining 40 chars are the sha1 hash.

Code:
epixoip@db:~/hashcat-0.43$ printf "\xA3\x20\x16\x3Ftest" | sha1sum

hashcat requires hashes to be in hash:salt format, so you just take the first eight chars and move them to the end of the hash, separating it with a colon.

1E6DB42C3949F7E232888ACC7DB7A0A17E493DBA:A320163F

you can then use hashcat or pluscat to crack this hash using -m 120 --hex-salt. you will not be able to use litecat.

Code:
epixoip@db:~/hashcat-0.43$ echo 1E6DB42C3949F7E232888ACC7DB7A0A17E493DBA:A320163F >test

RE: Trying to understand what I'm doing. SHA1. sha1($pass.$salt) - epixoip - 03-27-2013

actually i just realized you said you were using a vm, in that case you wouldn't be able to use litecat or pluscat anyway. you can only use hashcat.

RE: Trying to understand what I'm doing. SHA1. sha1($pass.$salt) - beachtrip - 03-27-2013

(03-27-2013, 08:15 AM)epixoip Wrote:
actually i just realized you said you were using a vm, in that case you wouldn't be able to use litecat or pluscat anyway. you can only use hashcat.

Before I sold my 10.4 machine I converted it into a VM. I have my desktop running OSX and Windows. I've just installed a drive to install Ubuntu on to. That machine has 2x GTX460 and a GTX670.

(03-27-2013, 08:05 AM)epixoip Wrote:
oh, osx 10.4 hashes, ok. so in that case, you will need to do a little work to use hashcat with this algorithm.

Wow. Thanks a lot for all the help. I'll give this a try today and report back.
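
The conversion epixoip describes in the 08:05 AM post, as an added example that is not part of the original thread: it splits a 48-character OS X 10.4 string into its 8-hex salt and 40-hex SHA-1, emits the hash:salt line, and checks a known password by computing sha1(salt.pass) over the raw salt bytes. The function names and the constructed sample (salt 00112233, password "example") are assumptions made for illustration.

```python
import hashlib
import re

# 8 hex chars of salt followed by 40 hex chars of SHA-1 digest (per the thread)
_OSX104 = re.compile(r"^([0-9A-Fa-f]{8})([0-9A-Fa-f]{40})$")


def split_osx104(field):
    """Return (salt_hex, digest_hex) from a 48-char OS X 10.4 salted SHA1 string."""
    m = _OSX104.match(field.strip())
    if not m:
        raise ValueError("expected 48 hex characters (8 salt + 40 SHA-1)")
    return m.group(1).upper(), m.group(2).upper()


def to_hash_salt(line):
    """Convert 'user:salthash' or a bare 'salthash' into 'hash:salt'."""
    field = line.strip().rsplit(":", 1)[-1]  # drop an optional 'user:' prefix
    salt, digest = split_osx104(field)
    return f"{digest}:{salt}"


def matches(field, password):
    """True if sha1(salt_bytes + password) equals the stored digest."""
    salt, digest = split_osx104(field)
    # The salt is hashed as four raw bytes, not as eight ASCII hex characters.
    data = bytes.fromhex(salt) + password.encode("utf-8")
    return hashlib.sha1(data).hexdigest().upper() == digest


def make_osx104(salt, password):
    """Build a constructed sample string for testing the functions above."""
    digest = hashlib.sha1(salt + password.encode("utf-8")).hexdigest()
    return (salt.hex() + digest).upper()


if __name__ == "__main__":
    # The example string from the thread, rearranged into hash:salt order.
    print(to_hash_salt("A320163F1E6DB42C3949F7E232888ACC7DB7A0A17E493DBA"))
    # Constructed sample, not taken from the thread.
    sample = make_osx104(b"\x00\x11\x22\x33", "example")
    print(to_hash_salt("iamUser:" + sample), matches(sample, "example"))
```

A string that is not exactly 48 hex characters, such as the masked one in the first post, raises ValueError instead of producing a malformed hash:salt line.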