How does one crack Pbkdf2 w/hashcat? - Printable Version

How does one crack Pbkdf2 w/hashcat? - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: How does one crack Pbkdf2 w/hashcat? (/thread-8391.html)

How does one crack Pbkdf2 w/hashcat? - Hond - 06-01-2019

Hello cats,

I have to recover hashes, hashed with this algorithm:
https://searchcode.com/codesearch/view/15603014/

Hond, 14[redacted]03, $p5v2$AcnbOh0MY$qREO3rp[redacted]RAzN4Mg1T4cAvP

PHP Code:
  protected $_algo = 'sha256';
        // PKCS #5, version 2
        // Python implementation uses $p5k2$, but we're not using a compatible
       // string. https://www.dlitz.net/software/python-pbkdf2/
       $output = '$p5v2$'; 

How would I crack $p5v2$AcnbOh0MY$qREO3rp[redacted]RAzN4Mg1T4cAvP alike hashes with the stable hashcat version?

Thanks,
Hond

RE: How does one crack Pbkdf2 w/hashcat? - philsmd - 06-01-2019

well, you should at least tell us the password, otherwise it's both against the forum rules and impossible for us to know how to test / verify it.

I would say that looking at the code here https://github.com/rchouinard/phpass/blob/121233fb49db4d929de17187f5c18351f647d0eb/library/Phpass/Hash/Adapter/Base.php#L51 and the base64 table here https://github.com/rchouinard/phpass/blob/121233fb49db4d929de17187f5c18351f647d0eb/library/Phpass/Hash/Adapter/Base.php#L51

it should be some conversation along the lines of this script (not verified, because I have no example hash with which I could test this conversation to -m 10900 = PBKDF2-HMAC-SHA256 :

update: improved version of the script posted below

again this PHP code is untested and could need some slight modification
furthermore you should tell us the password ASAP otherwise we would need to ban you

RE: How does one crack Pbkdf2 w/hashcat? - Hond - 06-01-2019

I do not have the full password no more, it's probably something like [redacted]
The codebase is currently being restored from the HDD by a specialized company, I do know this we implemented the PHPAss class before those changes:

https://github.com/rchouinard/phpass/commit/4395ea694cdf73465e6a2d1def70bfc7fc21ff49

RE: How does one crack Pbkdf2 w/hashcat? - philsmd - 06-01-2019

I just did clone the repository and checked out the version that you linked in your first post:

Code:
git clone https://github.com/rchouinard/phpass

cd phpass/

git checkout 121233fb49db4d929de17187f5c18351f647d0eb

cd library/

after that you can generate some hashes like this:

PHP Code:
<?php
require ('Phpass.php');

$adapter = new \Phpass\Hash\Adapter\Pbkdf2 ();

echo $adapter->crypt ("hashcat", '$p5v2$AlBIznIq2$') . "\n"; 

with this script I've generated this hash:

Code:
$p5v2$AlBIznIq2$OKziCyTibu0A6WPEgbUlEpRwa64gdr7L

the password is hashcat

with this improved version of my previously posted script we can convert this hash to a supported hash by hashcat:

PHP Code:
<?php

# $p5v2$AlBIznIq2$OKziCyTibu0A6WPEgbUlEpRwa64gdr7L => sha256:4096:bEJJem5JcTI=:mvW7jv+5py4wiLhB7AnGUN3xJmKw6Z1c

// Author: philsmd
// Date: June 2019
// License: public domain, credits go to philsmd and hashcat

$base64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

function convert_base64 ($input)
{
  global $base64;
  global $itoa64;

  $input_len = strlen ($input);

  if (($input_len % 4) != 0)
  {
    return "";
  }

  $input_len_div4 = (int) $input_len / 4;

  $reverse = "";

  for ($i = 0; $i < $input_len_div4; $i++)
  {
    $reverse .= strrev (substr ($input, $i * 4, 4));
  }

  $tmp = "";

  for ($i = 0; $i < $input_len; $i++)
  {
    $idx = strpos ($itoa64, $reverse[$i]);

    $tmp .= substr ($base64, $idx, 1);
  }

  $decoded = base64_decode ($tmp);

  $tmp = "";

  for ($i = 0; $i < $input_len_div4; $i++)
  {
    $tmp .= strrev (substr ($decoded, $i * 3, 3));
  }

  $output = base64_encode ($tmp);

  return $output;
}

#
# Start
#

$phpass_hash = '$p5v2$AlBIznIq2$OKziCyTibu0A6WPEgbUlEpRwa64gdr7L';

$cost_factor = substr ($phpass_hash, 6, 1);

$idx = strpos ($itoa64, $cost_factor);

$iterations = pow (2, $idx);

$salt   = base64_encode (substr ($phpass_hash, 7, 8));
$digest = convert_base64 (substr ($phpass_hash, 16));

echo "sha256:$iterations:$salt:$digest\n"; 

as expected from the hash
$p5v2$AlBIznIq2$OKziCyTibu0A6WPEgbUlEpRwa64gdr7L we get the following output:

sha256:4096:bEJJem5JcTI=:mvW7jv+5py4wiLhB7AnGUN3xJmKw6Z1c

which can be cracked with -m 10900 with password "hashcat" (without quotes)

not sure about your hash, if you aren't sure about the password that's very bad (both for testing purposes but also because it is against the forum rules)

it's needless to say that you need to modify the script and especially the $phpass_hash variable to use it with other hashes than this "hashcat" hash

RE: How does one crack Pbkdf2 w/hashcat? - Hond - 06-01-2019

Thank you so much, I can work with this.
Do you have a btc address on which you'd like a donation?

RE: How does one crack Pbkdf2 w/hashcat? - philsmd - 06-01-2019

nope. but please do me a favor and do not ignore/disregard the forum rules next time (e.g. posting hashes), they can be read here: https://hashcat.net/forum/announcement-2.html

masking the hash would probably be enough... but it would be even more clever to just mention your problem and ask if somebody wants or can generate a hash with a specific known password (for such cases of unknown algorithm or not matching hash and pass)

RE: How does one crack Pbkdf2 w/hashcat? - Hond - 06-01-2019

Noted! I've censored the hash.
Working: thank you!