Identification of hash type. - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Misc (https://hashcat.net/forum/forum-15.html) +--- Forum: General Talk (https://hashcat.net/forum/forum-33.html) +--- Thread: Identification of hash type. (/thread-7118.html) |
Identification of hash type. - Kangaroot - 12-19-2017 I was trying to figure out what below hash type it. Non of the hash identifiers could give me a clue, it also has a hash salt with it, but don't know in what format they both are being used. If anyone could help to identify is one? This isn't real a used password and was only created for learning purpose. HASH: REDACTED HASH SALT: cHn[H#=8GSN3FLjU#j5l+^MpQVCEgJ%g RE: Identification of hash type. - DanielG - 12-19-2017 It looks base64 encoded and missing the padding. If you base64 decode it, it returns a 512bit length 'hash'. however, without any more information (how the salt is used, which 512bit hash is used, etc) it will be very difficult to reverse engineer. Also, if this isn't a 'real used password and was only created for learning purpose.' why not tell us what the password is? Perhaps set "hashcat" as the password and try sha512($salt . $pass) and sha512($pass . $salt) and see if that's it. RE: Identification of hash type. - Kangaroot - 12-19-2017 I cannot reveal this one as it is one of my passwords used somewhere else, but I can create one for the test if that helps. For example: password: Password123 hash: 1NeXFGujmgkMtIfkntNPkeFKHYU1Dxf3GtK8/uGR8t3M4ouQoZob+VTjtzO4NIB9T4L9VEB0eFIA8jPdAO5cVg hash salt: D}SAM}naWQNHtD1)JFOU*KfZF!0qydU. (bty, full stop in hash alt is legit and is part of the salt) RE: Identification of hash type. - epixoip - 12-19-2017 @Kangaroot: not wise to post your own password hash on these forums, especially if you're admitting to password reuse. Anyway, with a proper hash:plain pair this is super simple to reverse engineer. As @DanielG mentioned this is base64 encoding with the padding stripped off. Add back the padding, re-encode as hex: Code: epixoip ~ $ echo -n 1NeXFGujmgkMtIfkntNPkeFKHYU1Dxf3GtK8/uGR8t3M4ouQoZob+VTjtzO4NIB9T4L9VEB0eFIA8jPdAO5cVg== | base64 -d | xxd -p -c 1024 The salt doesn't appear to be encoded so we can assume it's a literal value. So now we just start making logical guesses as to what the algorithm might be. First logical guess is sha512(pass.salt): Code: epixoip ~ $ echo -n 'Password123D}SAM}naWQNHtD1)JFOU*KfZF!0qydU.' | sha512sum Aaaaand we have a winner. RE: Identification of hash type. - Kangaroot - 12-19-2017 To wrap up, what will hashcat command look like in the end if it is sha512($pass . $salt)? RE: Identification of hash type. - epixoip - 12-19-2017 We did the hard part for you. From here, everything is documented. Read the wiki, read the --help. RE: Identification of hash type. - Kangaroot - 12-19-2017 Thank you for helping. |