GHash - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: GHash (/thread-7726.html) |
GHash - JunkPassword - 08-07-2018 From what I can tell, hashcat does not have a module for G-Hash-32. Does anyone know of a program than can encrypt (e.g. for use in a known plain text attack) or crack G-Hash-32 hashes? I am trying (with permission) to crack password hashes from an IBM 4690 OS version 6 enhanced. Based on parsing the adxcsouf.dat file, it appears that this OS has switched from using adxcrypt or sha1 to G-Hash-32. RE: GHash - undeath - 08-07-2018 what is G-Hash-32? RE: GHash - JunkPassword - 08-09-2018 (08-07-2018, 11:42 PM)undeath Wrote: what is G-Hash-32? The format of the password file appears to be a space / tab delimited list of numerical user ID followed by an eight digit numerical hash. All hashes are in the mask format ?d?d?d?d?d?d?d?d I was able to get access to a test users in order to compare known and cipher text passwords. Known plain text = 30 Cipher text =43891846 Known plain text = 31 Cipher text =43691826 Known plain text = 32 Cipher text = 43391806 When I initially feed the cipher text to Blackploit’s Hash_ID.py (v1.1) it suggested GHash-32-5 and GHash-32-3 as possible hash formats. Thanks for the link to Nitrxgen http://www.nitrxgen.net/hashgen/. It looks like a very usueful tool. Based on my known inputs the hashes don’t match Ghash v3 or Ghash v5. I found a file hashing tool (http://rehash.sourceforge.net/rehash.html) that seems to support GHash-32-3, GHash-32-5. I tried setting a file’s contents to “32” and calculating the ghash of the file with rehash. The result was different than Nitrxgen and didn’t match the cipher text. At this point I’m not sure if the hash really is ghash or not. I am going to play with the numbers in Mathematica a bit to see what I can come up with. RE: GHash - undeath - 08-09-2018 Don't blindly trust "hash identificators". They just wildly guess. In cases of raw hashes it's an impossible job. If you want to find the correct hash algorithm read documentation or reverse engineer the software. RE: GHash - dhiru - 08-15-2018 > The format of the password file appears to be a space / tab delimited list of numerical user ID followed by an eight digit numerical hash. Are the different numerical user IDs separated from each other via newlines? RE: GHash - JunkPassword - 08-18-2018 On the actual system, it appears that its tab delimited (no new lines) userid, hash, userid, hash... However I an not 100% sure due to ASCII / encoding display. (08-15-2018, 01:24 PM)dhiru Wrote: > The format of the password file appears to be a space / tab delimited list of numerical user ID followed by an eight digit numerical hash. |