+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Bruteforce partial HASH SHA1 (/thread-7794.html)
Bruteforce partial HASH SHA1 - Stown - 09-08-2018
hello!
Please advice, i want to find binary password that will produce specific bytes of SHA1 hash
Where to change code in .CL modules to allow compare only first 8 bytes of SHA1 hash?
for example
running hashcat -m 100 -a 3 my.hash ?b?b?b?b?b
i have my.hash with
1122334455667788A1A2A3A4A5A6A7A812345678
and i want to find all 5-byte passwords where hash will match first 8 bytes of hash
i.e. SHA1(pw5bytes) == [1122334455667788]
Thanks for helping.
RE: Bruteforce partial HASH SHA1 - atom - 09-08-2018
This is not support by default with hashcat, but it's pretty easy to hack hashcat to do it.
I've attached a diff to do so. Make sure to clean old objects and cached kernels, too.
Quote:$ make clean
$ rm -rf kernels
$ git reset --hard
$ git checkout 477216ccdbc5fb9600a5092c269abebf4156b6b5
$ git apply git_apply.txt
$ make
After modifications the original password should, by design, still crack it:
Quote:$ echo -n password |sha1sum
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 -
$ cat > hash
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
$ ./hashcat -m 100 hash -O -a 3 -w 3 password --potfile-disable --self-test-disable --quiet
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8:password
So if this works you're ready to run:
Quote:$ ./hashcat -m 100 hash -O -a 3 -w 3 ?b?b?b?b?b --potfile-disable --self-test-disable
Since the keyspace (2^40) of your mask is below the hash output size (2^64) there's no guarantee you will find a collision, except if the hash was actually created with a 2^40 password.
Also note that the modification for the kernel was only made for optimized -m 100 kernel in brute-force mode for single hashes. If you need other attack-modes etc you have to patch them as well.
RE: Bruteforce partial HASH SHA1 - Stown - 09-08-2018
Hi!
Thanks a lot, seems working. Yes, hash created exactly from 40 bits.
Even without touching interface.c (is important to place all 4 parts of digest?)
And, please, another question, how to modify to get all possible collisions in keyspase 2^40 ? to not break at first one.
Cause is in example above it found first resut and stops immediately.
RE: Bruteforce partial HASH SHA1 - undeath - 09-08-2018
use --keep-guessing