sha-1 with salt cracking issue - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Deprecated; Ancient Versions (https://hashcat.net/forum/forum-46.html) +--- Forum: Very old oclHashcat-plus Support (https://hashcat.net/forum/forum-23.html) +--- Thread: sha-1 with salt cracking issue (/thread-2417.html) |
sha-1 with salt cracking issue - johnreich - 07-01-2013 Hi, i got these hashes from an ASP classic webapp. I put the password and salt in a file like this: *********96bd14de96149dba8426761fb1be4c2:3898279071 and a dictionary with the correct password: snobben9 i tried cudaHashcat-plus64.exe -m 120 C:\passcrack\hash.txt C:\passcrack\dict.txt and cudaHashcat-plus64.exe -m 110 C:\passcrack\hash.txt C:\passcrack\dict.txt but both fails to crack the hash, am i doing something wrong? Thanks in advance for any help EDIT: censored hash and set correct salt. RE: sha-1 with salt cracking issue - philsmd - 07-01-2013 (07-01-2013, 07:37 PM)johnreich Wrote: ...am i doing something wrong? Yes, you post hashes here, while the forum rules clearly say you should NEVER post hashes. https://hashcat.net/forum/announcement-2.html BTW: who says that the password is what you claim it is? Verify it with: echo -en "[YOURPASS][OPTIONALHEXLIKETHIS:\xaa AFTER OR B4 PASS?]" | sha1sum RE: sha-1 with salt cracking issue - johnreich - 07-01-2013 (07-01-2013, 07:48 PM)philsmd Wrote:(07-01-2013, 07:37 PM)johnreich Wrote: ...am i doing something wrong? I'm sorry i should have made its clear that it's my app and it's just a test user, i just wanted to try hashcat for fun. Thats why i know it's the correct password too. RE: sha-1 with salt cracking issue - philsmd - 07-01-2013 Again, no reason to post hashes unmasked (but I see you now modified your 1st post, good). So are you able to generate the *same* hash w/ e.g. sha1sum or an online hash generator? If you are only able to use windows, maybe this is an option: http://blog.nfllab.com/archives/152-Win32-native-md5sum,-sha1sum,-sha256sum-etc..html ... or a simple php/asp script. Maybe your app does sth. different (or wrongly), maybe the salt is converted somehow? Would you mind share the code snip or at least tell us with which tool/online generator you were able to generate the *same* hash that *hashcat wasn't able to crack? The idea is, if you know the password and salt, any online sha1 generator or sha1sum tool etc *must* generate that hash, otherwise *you* did sth. wrong in code. RE: sha-1 with salt cracking issue - johnreich - 07-02-2013 Sorry for the late reply, you are correct something is wrong. Unfortunately i didn't code the login part and i dont have access to the code since im on vacation atm, hence the playing around with hashcat. I tried to look around at how ASP classic hashes are done but it seems pretty straight up. What could be going on, hashing is done more than one time? the salt is converted in someway? its stored as numeric. RE: sha-1 with salt cracking issue - philsmd - 07-02-2013 The algorithm could use and do literally everything. I mean, it could iterate a random number of times (and store the number in salt), it could split the salt and prefix/suffix it, append it, suffix it, transform it first etc etc etc If it is your app, you should be able to check what it does AND know what it does, otherwise there is sth strange happening here. Our focus should also remain on recovering passwords and not instead blindly guess what an app could possibly do. Of course, sometimes this job also needs to be done, but *not* if it is an app/code under your control. Furthermore, it seems that before your changes the salt wasn't *at all* numeric (instead it seemed to be (I think) 4 hex chars)... so I am totally confused what you are trying to do here, why you changed the salt format and why one should *crack the algorithm* under his control RE: sha-1 with salt cracking issue - johnreich - 07-02-2013 (07-02-2013, 09:29 AM)philsmd Wrote: The algorithm could use and do literally everything. Sorry my head is in vacation mode, the first paste was from when i had tested to convert it to hex and see if that was the reason. But yes you are right it's going to be rather hard to know whats going on without the source and im just gonna wait till i get back to work where i can review the code. Thanks for the answers so far though |