+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: Old oclHashcat Support (https://hashcat.net/forum/forum-38.html)
+--- Thread: Help for a noob (/thread-4681.html)
Help for a noob - bithash - 09-15-2015
Hi, i'm a noob of this program.
I need help cracking an hash.
I know:
- plaintext
- hash of the plaintext (it seems an md5)
I need to know what algorithm it's used to generate that hash (if they use salt etc...).
It is possible to do that using hashcat?
I know it's not a simple task, because there are infinite possible combination of algoritms that can be used to generate an hash.
However, i'd like to give it a try and do at least these attacks (that are supported by hashcat):
- md5($pass.$salt)
- md5($salt.$pass)
- md5(unicode($pass).$salt)
- md5($salt.unicode($pass))
- md5(sha1($pass))
- md5($salt.md5($pass))
- md5($salt.$pass.$salt)
- md5(strtoupper(md5($pass)))
RE: Help for a noob - alert - 09-15-2015
I guess if it's 32 alphanumeric chars it is MD5 but then to corectly guess what you're asking for, if it's salted you'll have to bruteforce the salt and it's position ...
but you can also try thoses two for example wich are not salted
md5(strtoupper(md5($pass)))
md5(sha1($pass))
RE: Help for a noob - bithash - 09-15-2015
(09-15-2015, 04:05 PM)alert Wrote: but you can also try thoses two for example wich are not saltedI tried these, but it doesn't work. Probably it's salted.
md5(strtoupper(md5($pass)))
md5(sha1($pass))
(09-15-2015, 04:05 PM)alert Wrote: I guess if it's 32 alphanumeric chars it is MD5 but then to corectly guess what you're asking for, if it's salted you'll have to bruteforce the salt and it's position ...Yes, it's 32 alphanumeric chars.
What commandline parameters can I use to bruteforce salt?
For example, let's start with this:
md5($pass.$salt)
if i understood what you said, I need to to this:
pass
passa
passb
passc
....
passaa
passab
...
and so on...
What commandline parameters can I use to do this?
Can I use a dictionary for salt instead of brute-force?
RE: Help for a noob - alert - 09-16-2015
I'm no expert but i'm pretty sure yes,
in fact after reading docs,
command: -a 3 password?d
keyspace: password0 - password9
you just specify a pattern .(or mask) .. for bruteforce
and you'll find your way with dictionnary(straight)
and then again you're not sure of the salt position (salt.pass|pass.salt|p.s.a.a.s.l.s.t.word|.....)
and I'd say, but have little experience, salt usualy is quite random ... not easily coming out from a wordlist
good luck