hashcat Forum
Whats the most efficient way to do this? (newbie) - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Whats the most efficient way to do this? (newbie) (/thread-9156.html)



Whats the most efficient way to do this? (newbie) - y33t - 04-23-2020

Alright so I've got a whirlpool hash which is salted.

So the password is reversed and at the beginning they placed a word 'WIT' and at the end there is a number, users SQL id.

So the password looks like this:

lets say the password is: password
and the users sqlid is 50..

the password would be hashed like this:

WITdrowssap50

Is there a way to use sqlid with the wordslists? I'm pretty new to this but i've done whirlpool a long time ago. And how do i add the custom word at the beginning?

Help?


RE: Whats the most efficient way to do this? (newbie) - philsmd - 04-23-2020

maybe rule based attacks:
https://hashcat.net/wiki/doku.php?id=rule_based_attack

Code:
r ^T ^I ^W $5 $0

the last part (adding the digits, $5 $0) can be done also with a separate rule file (multi rule file combination feature: https://hashcat.net/wiki/doku.php?id=rule_based_attack#multi-rules). i.e. if you have a rule file that adds some digits, it can be combined with other rules like this -r first.rule -r second.rule -r third.rule and the result is just like if the single lines would be combined (not in sequence but applied at the same time)

of course this is not perfectly ideal approach, because you probably would have the additional information/relationship that connects each hash with an ID. i.e. like a salt (but there is no salted whirlpool support in hashcat)


RE: Whats the most efficient way to do this? (newbie) - y33t - 04-23-2020

Damn that's sick..

So there is no actual way to load up the users sqlid with $number in a multi hash sequence? Like i know the users sqlids and i know the password hashing goes like that and thats it.


RE: Whats the most efficient way to do this? (newbie) - undeath - 04-23-2020

No, you would need a hash mode with salt support for that.