hashcat Forum
m 3800 with different starting and ending salts - how? - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: m 3800 with different starting and ending salts - how? (/thread-8201.html)



m 3800 with different starting and ending salts - how? - jok40 - 03-05-2019

There is a web-framework Yii, in which the password is hashed by the following algorithm:

Code:
md5( 'somekey' . $password . $email )

In the wiki, I found that option 3800 is best for brute force.
However, the hash example contains only one salt: 2e45c4b99396c6cb2db8bda0d3df669f:1234

How do I use different salts?

If I write in the hash-file 'somekey:19xxd6xx7exx1dxx0dxxc4xxccxx02xx:admin@*****.com', then I get the error message 'Token length exception'.


RE: m 3800 with different starting and ending salts - how? - undeath - 03-05-2019

mode 3800 only supports a single salt. You need to use mode 20 and create your attack in such a way that the email (second salt) is always appended to the actual candidate.


RE: m 3800 with different starting and ending salts - how? - jok40 - 03-06-2019

Yes, with hash mode 20 everything worked out. I wrote down the email in a separate email.txt file and cracked the password with the following command:

Code:
hashcat64 -m 20 -a 1 pass.hash dict.txt email.txt

Thanks!