+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: General Help (https://hashcat.net/forum/forum-8.html)
+--- Thread: Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle. (/thread-653.html)
Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle. - Geocacher - 11-20-2011
I have a salted SHA1 hash that contains the the solution to a geocaching puzzle and the puzzle author intended that a brute-force method be used in solving it. :
8882caa3b88a5a16fad6287e26d8a8f9454ad643
I know that the salt is "PEPPER" and that the plain-text will have the form "N51 03.### W114 07.###", where # = 0...9
My computer is a 3.4 GHz Intel Core i& iMac with 16 GB or 1333MHz DDR3 memory. I have Windows XP installed under Parallels, so I am able to run hashcat as a Windows program.
I'm absolutely new to hashcat, so I could really use some step-by-step help to set it up to solve for the "#"s in the noted plain-text.
RE: Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle. - atom - 11-20-2011
Hey Geocacher,
much thanks for asking us for support in this challange
There are many ways to solve this problem, but the one I prefer when it comes to single hashes and partially known plaintext is using oclHashcat-lite:
Quote:oclHashcat-lite64 -m 100 8882caa3b88a5a16fad6287e26d8a8f9454ad643 "PEPPERN51 03.?d?d?d W114 07.?d?d?d"
You do not have access to a GPGPU enabled card in your iMac, but you can use CPU based hashcat:
1. open notepad, place the hash 8882caa3b88a5a16fad6287e26d8a8f9454ad643 on the first line and save it as "hash.txt"
2. open cmd windows and type:
Quote:mp64 "PEPPERN51 03.?d?d?d W114 07.?d?d?d" -o wordlist.txt
hashcat-cli64 -m 100 hash.txt wordlist.txt
The tool "mp64.bin" is the maskprocessor, one of the tools of the hashcat suite. See here for download link: http://hashcat.net/wiki/maskprocessor
I have it cracked. I just dont want to post it here and destroy the challange this way. If you need the result PM me.
RE: Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle. - ntk - 11-20-2011
OclHashCat is a study for itsself.
Intrigueing by this challenge, I follow you both to see how it works. I use oclHashcat-plus-0.06 there is no oclHashcat-lite64.bin in there so I think I can use oclHashcat-plus64.bin with the right hash type. That should work.
I could not resolve with the command line
oclHashcat-plus64.bin --hash-type 100 8882caa3b88a5a16fad6287e26d8a8f9454ad643 "PEPPERN51 03.?d?d?d W114 07.?d?d?d". My system keeps saying Exhaulted!
So oclHashcat-lite64.bin is very different from oclHashcat-plus64.bin
It must work somehow, so I test GUI, with the information provided, it works if in the mask I don't use the " ", but in this case the generated command would be displayed as
oclHashcat-lite64.bin --hash-type 100 8882caa3b88a5a16fad6287e26d8a8f9454ad643 PEPPERN51 03.?d?d?d W114 07.?d?d?d
Go to terminal test that command then it solves the problem only when using
oclHashcat-lite64.bin --hash-type 100 8882caa3b88a5a16fad6287e26d8a8f9454ad643 "PEPPERN51 03.?d?d?d W114 07.?d?d?d"
I think I understand the logic, why there are differences. But in OCHL to be on the side of Exhaulted or Cracked it really requires a bit to study\experiment.
But is does work. Yes, and very quick.
RE: Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle. - undeath - 11-20-2011
if you read the documentation/wiki/help you had realized -plus does not support masks (and only passwords up to 15 chars).
The need of double quotes around the string if spaces are used is not hashcat-specific but is the way the windows cmd (and unix shells as well) work.
RE: Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle. - Geocacher - 11-20-2011
Thanks for such a quick reply.
I have to go out this morning, but will give it a try this afternoon.
Once I've got it or run into a brick wall, I'll post a note in the forum.
hashcat sounds like the perfect program for this type of puzzle.
I'm surprised that nobody has ever mentioned in in geocaching circles.
I can see the potential for my own puzzles using some of its other features.
(11-20-2011, 11:15 AM)atom Wrote: Hey Geocacher,
much thanks for asking us for support in this challange
There are many ways to solve this problem, but the one I prefer when it comes to single hashes and partially known plaintext is using oclHashcat-lite:
Quote:oclHashcat-lite64 -m 100 8882caa3b88a5a16fad6287e26d8a8f9454ad643 "PEPPERN51 03.?d?d?d W114 07.?d?d?d"
You do not have access to a GPGPU enabled card in your iMac, but you can use CPU based hashcat:
1. open notepad, place the hash 8882caa3b88a5a16fad6287e26d8a8f9454ad643 on the first line and save it as "hash.txt"
2. open cmd windows and type:
Quote:mp64 "PEPPERN51 03.?d?d?d W114 07.?d?d?d" -o wordlist.txt
hashcat-cli64 -m 100 hash.txt wordlist.txt
The tool "mp64.bin" is the maskprocessor, one of the tools of the hashcat suite. See here for download link: http://hashcat.net/wiki/maskprocessor
I have it cracked. I just dont want to post it here and destroy the challange this way. If you need the result PM me.
RE: Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle. - forumhero - 11-20-2011
this is interesting. i was able to crack it using atom's command syntax but wasn't able to with this command:
oclHashcat-lite64 -m 101 8882caa3b88a5a16fad6287e26d8a8f9454ad643
EPPER "51 03.?d?d?d W114 07.?d?d?d"What's the difference between the two?
RE: Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle. - undeath - 11-20-2011
you missed an "N"
RE: Need Help: Trying to Brute Force a salted SHA1 hash for a geocaching puzzle. - Geocacher - 11-20-2011
Hey atom,
All I can say is, WOW!!!
I used the current revisions of the components from the site and followed your instructions to the letter.
Apparently; my iMac was very much up to the challenge.
It quite literally blinked and spit out a single solution.
I didn't even see the status screen before it was done. It was that quick.
(Hashcat 0.37 apparently initialized with 8 threads and a 32mb segment size.)
I've sent the solution off to the puzzle author for verification. It's too cold out today to trek out to the cache site, unless it's a valid solution (But I really think it is, since it plots out nicely on google maps).
Here is a link to the related geocache page for those who are interested in seeing why I was trying to crack the hash:
http://www.geocaching.com/seek/cache_details.aspx?guid=ed01d850-d71b-44c6-a298-ca2b54ff85ee
I'd like to express my sincere appreciation for your help and that of those on the forum.
This is a great example of using Hashcat to have some real fun and to let it "strut its' stuff". First rate program and a great "get your feet wet" tutorial.
This got me interested. I'm thinking of developing a puzzle of my own that uses one-way hashes.
Regards;
Geocacher