+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: General Help (https://hashcat.net/forum/forum-8.html)
+--- Thread: SHA1 - Unable to use MD5 as a password (/thread-5539.html)
SHA1 - Unable to use MD5 as a password - zeroprobe - 06-23-2016
Is it correct functionality of hashcat that a password of 32 characters (MD5) cannot be used for SHA1 in hashcat?
I was trying to use md5's as potential passwords but found this limitation. Passwords of 31 characters are OK.
Is there any way around this?
RE: SHA1 - Unable to use MD5 as a password - atom - 06-23-2016
First, the limit on 31 is not true for all cases, there's ways to support up to 55: https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#what_is_the_maximum_supported_password_length
Anyway, to crack the supposed algorithm, use -m 4700 not -m 100
RE: SHA1 - Unable to use MD5 as a password - stepMode - 06-23-2016
Well if I understood your 1st post right you want to crack a SHA-1 hash which in plaintext is a 32 char long hex-string right?
You would have to use the attackmode 1 which is combinator, in this mode your plaintext can go up to 55 chars, as atom already linked.
RE: SHA1 - Unable to use MD5 as a password - zeroprobe - 06-23-2016
EDIT:
RE: SHA1 - Unable to use MD5 as a password - zeroprobe - 06-23-2016
(06-23-2016, 02:16 PM)zeroprobe Wrote: I split my MD5's in the middle.
Combination won't work, too many combinations. I got mixed up.
Is there any way to use a wordlist of md5 hashes as passwords for a SHA1?
RE: SHA1 - Unable to use MD5 as a password - FlippingGerman - 06-24-2016
What if you take your MD5s, chop off the last character, and then use combinator to out it back on? Slow, but faster than anything else.
RE: SHA1 - Unable to use MD5 as a password - atom - 06-25-2016
why don't you just use -m 4700
RE: SHA1 - Unable to use MD5 as a password - zeroprobe - 06-25-2016
(06-25-2016, 10:52 AM)atom Wrote: why don't you just use -m 4700
Doesn't seem to crack with 4700. However taking off 1 character of the md5 password allows it.
Are you able to test? Do you have the same issue.
RE: SHA1 - Unable to use MD5 as a password - atom - 06-26-2016
see here:
Code:
root@ht:~/hashcat# echo -n test | md5sum
098f6bcd4621d373cade4e832627b4f6 -
root@ht:~/hashcat# echo -n 098f6bcd4621d373cade4e832627b4f6 | sha1sum
4028a0e356acc947fcd2bfbf00cef11e128d484a -
root@ht:~/hashcat# ./hashcat -m 4700 4028a0e356acc947fcd2bfbf00cef11e128d484a -a 3 test --quiet
4028a0e356acc947fcd2bfbf00cef11e128d484a:test
root@ht:~/hashcat#RE: SHA1 - Unable to use MD5 as a password - zeroprobe - 06-27-2016
(06-26-2016, 10:14 AM)atom Wrote: see here:
Code:root@ht:~/hashcat# echo -n test | md5sum
098f6bcd4621d373cade4e832627b4f6 -
root@ht:~/hashcat# echo -n 098f6bcd4621d373cade4e832627b4f6 | sha1sum
4028a0e356acc947fcd2bfbf00cef11e128d484a -
root@ht:~/hashcat# ./hashcat -m 4700 4028a0e356acc947fcd2bfbf00cef11e128d484a -a 3 test --quiet
4028a0e356acc947fcd2bfbf00cef11e128d484a:test
root@ht:~/hashcat#
I understand now, hashcat will do the real time conversion of the passwords to MD5 to use against the SHA1.
I was using password lists of MD5s.