hashcat Forum
Noob Question about Hashes - Printable Version

Noob Question about Hashes - jimbob57566 - 11-16-2014

I kinda understand hashes, I think, but I haven't got a clue how I'm meant to find them.
If I want to gain access to a specific website I used to have an account for, how do I know what hash to use for an attack? It seems like I'm missing something obvious because no guides seem to mention it at all; they all just assume that I have a hash to crack.

Any help is gratefully received.


RE: Noob Question about Hashes - epixoip - 11-17-2014

Generally you need to have access to the password database to obtain hashes. This generally involves compromising a system at some level. The exception to this is e.g. network protocols (WPA, NetNTLM, Kerberos, etc.) and non-hash formats (MS Office, TrueCrypt, etc.)


RE: Noob Question about Hashes - _NSAKEY - 11-25-2014

Once you've actually gotten your hands on a hash or list of hashes, HashTag.py is really good at determining the hash's algorithm. The same guy runs OnlineHashCrack but my personal experience is that HashTag.py is better.


RE: Noob Question about Hashes - jimbob57566 - 11-25-2014

Interesting. I had thought that this was a system where you could point it at a login field and it would just try every password possible through aaaaa - zzzzz, assuming it knew the username.


RE: Noob Question about Hashes - epixoip - 11-25-2014

(11-25-2014, 05:11 AM)_NSAKEY Wrote: HashTag.py is really good at determining the hash's algorithm.

No, it isn't.


RE: Noob Question about Hashes - epixoip - 11-25-2014

(11-25-2014, 06:40 PM)jimbob57566 Wrote: Interesting. I had thought that this was a system where you could point it at a login field and it would just try every password possible through aaaaa - zzzzz, assuming it knew the username.

No. What you are describing is an online brute force attack. Hashcat is for offline attacks.


RE: Noob Question about Hashes - _NSAKEY - 11-26-2014

(11-25-2014, 11:45 PM)epixoip Wrote:
(11-25-2014, 05:11 AM)_NSAKEY Wrote: HashTag.py is really good at determining the hash's algorithm.

No, it isn't.

Can you recommend a better solution? HashTag.py hasn't let me down yet, but I'm always open to using something better.


RE: Noob Question about Hashes - epixoip - 11-26-2014

tools like HashTag.py are worthless at best, and at worst are very misleading and may cause you to waste a ton of time.

if the hash has an identifier, then you already know what it is and you don't need some piece of software to tell you what it is.

if the hash doesn't have an identifier, then there is no way to determine what algorithm was used unless you already know in advance what algorithm was used. you can only guess.
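
The distinction drawn in the last post, as an added example that is not part of the original thread or any poster's code: a string with an identifier prefix names its own scheme, while bare hex digests from different constructions look identical, so a format check can only return a list of guesses. The password, salt, and candidate lists below are constructed for illustration and are not exhaustive.

```python
import hashlib
import re

# Modular crypt format prefixes: the hash string names its own scheme.
MCF_IDS = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt"}

# Bare hex digests: length only narrows the field to a list of guesses.
# (Illustrative, incomplete lists; many more constructions share each length.)
HEX_GUESSES = {
    32: ["MD5", "MD4", "NTLM", "md5(md5(pass))", "md5(pass.salt)"],
    40: ["SHA-1", "RIPEMD-160", "sha1(sha1(pass))"],
    64: ["SHA-256", "SHA3-256", "BLAKE2s"],
}

def candidates(hash_string):
    """Return (certain, schemes); certain is True only with an identifier."""
    m = re.match(r"^\$([0-9a-z]+)\$", hash_string)
    if m and m.group(1) in MCF_IDS:
        return True, [MCF_IDS[m.group(1)]]
    if re.fullmatch(r"[0-9a-fA-F]+", hash_string):
        return False, HEX_GUESSES.get(len(hash_string), [])
    return False, []

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

def constructed_samples(password=b"correct horse", salt=b"Xy7q"):
    """Three different constructions (constructed inputs), one output format."""
    return {
        "md5(pass)": md5_hex(password),
        "md5(md5(pass))": md5_hex(md5_hex(password).encode()),
        "md5(pass.salt)": md5_hex(password + salt),
    }

if __name__ == "__main__":
    # Each digest differs, yet every one gets the same uncertain guess list.
    for how, digest in constructed_samples().items():
        print(f"{how:16} {digest} -> {candidates(digest)}")
    # Constructed bcrypt-shaped string; the prefix alone identifies it.
    print(candidates("$2b$12$" + "A" * 53))
```
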