hashcat Forum
PeopleSoft with salt - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: PeopleSoft with salt (/thread-6639.html)

PeopleSoft with salt - CracksforCrack - 06-13-2017


I'm testing a number of Peoplesoft hashes which hashcat takes in the expected format for -m 133, however mine are salted. The salts I have are 32 char strings, seemingly MD5? I've read that Peoplsoft salting is SHA-1 based (https://blog.gosecure.ca/2016/05/04/oracle-peoplesoft-still-a-threat-for-enterprises/)  which doesn't match with the salts I have but does anyone know a way in which I can process my salted hashes to re-generate without the salt so I can then feed back into hashcat?

A touch off pure hashcat issues I admit however wanted to see if anyone had any insight.

Many thanks.

RE: PeopleSoft with salt - royce - 06-13-2017

The salt is intrinsic to the hash. The only way to rework the salts would be if you already had the plain text password.

RE: PeopleSoft with salt - CracksforCrack - 06-13-2017

Appreciate the response, thanks.

RE: PeopleSoft with salt - StaticFlow - 06-13-2018

Sorry to revive this thread but it seemed better than starting a new one. Royce, is there a way to extract the salt out of the hash if you do know the Password. I am on an engagement and have a users hash, salt, and plaintext credentials as well as a large collection of hashes and salts from other users that seem to be PeopleSoft. I wanted to verify their hash type by running the known hash through hashcat with a dictionary containing only its password but I ran into the same issue of there not being a mode for salted PeopleSoft hashes.

Thank you for any info you have!