+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old hashcat Support (https://hashcat.net/forum/forum-20.html)
+--- Thread: SMF (/thread-2369.html)
Pages:
1
2
RE: SMF - bwaynef - 06-17-2013
The contents of my salt file is just usernames. How do I go about combining hashes and usernames?
RE: SMF - philsmd - 06-17-2013
We should really focus on the SMF problem here, what you are asking now is very trivial linux stuff. Anyway, paste this one-liner in your shell and you should see how it is combined. Add redirection at the end ( "> hash_0121.txt") to get the output into the hash_0121.txt text file that you can use later on
Code:
while read hash;do while read salt;do echo $hash:$salt;done < smfMembers-top200.salt; done < smfMembers-top200.hashRE: SMF - bwaynef - 06-17-2013
Let me restate my question, I believe the hashes are supposed to be salted w/ the usernames. I have hashes and I have usernames. What concerns me is that the example hash listed earlier has what appears to be $hash followed by a colon and a string of digits. Those digits don't seem to correspond to a username ...at least directly.
Should the usernames be filtered thru something like sha1sum before being tacked on to the end of the hash or should i have something like:
014f1ef02d52b27ae68670b119097d2309eb0d21
omeUser (which is what I'd get if I performed the above command)?Sorry to linger on such (seemingly) basic steps.
RE: SMF - bwaynef - 06-17-2013
DOH! I somehow missed that whole "passwdSalt" field in the database.
RE: SMF - philsmd - 06-17-2013
It is just like I said... please believe me, you should append the salt to the hash (separating hash and salt w/ colons, the salt is a normal string, doesn't need to be in hex or something like that).
The above command solves all your problems (unlikely! maybe some of them
). Otherwise wait for -e support in 0.46 release. ThxIt seems that you now have new info and can combine hash and salt directly, i.e. not each hash w/ every salt, but only the hash to the salt in question (same tuple in database). Therefore it makes no sense to generate the whole "hash file". Anyway you need to dump the database file into the correct format, which is again:
hash
altAnd please: don't post always twice, instead update your previous post, as I did here!
RE: SMF - bwaynef - 06-17-2013
My apologies for the double-post. Other forums I participate in discourage the editing of posts so I'm reluctant for that reason.
With a file formatted like this:
56df57b48654c07c0803d4cfa3872eb1c863d038:adfd
I chopped off the first 10 lines "head hashfile.txt >head.txt" (to get the first 10 hashes in a separate file for time's sake) and after adding a known password (of one of the hashes in head.txt) to the dictionary file, I ran:
../hashcat-cli32.bin -a0 -m121 -o results.txt -n8 --remove head.txt linked.dic
and got:
Recovered.: 0/10 hashes, 0/10 salts
Looks like I've still got work to do.
RE: SMF - bwaynef - 06-18-2013
So, the correct format of the hashfile is $40-character-hash:$not-necessarily-lowercase-username.
Sorry I'm so thick, but at least I've got a better understanding from plugging away at it myself (w/ much appreciation for all the help & links provided!)
Now I just have to figure out how to get ocl-hashcat working on this old linux box.