md5 bruteforce with 2 known salts - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: md5 bruteforce with 2 known salts (/thread-9710.html) |
md5 bruteforce with 2 known salts - AlanGomes_ - 12-17-2020 Given a known left salt and right salt, how can I bruteforce a md5 hash with a unknown password between them? For example: md5($salt1 . $password . $salt2) $salt1 is known $salt2 is known too $password is unknown and needs to be bruteforced (unknown length and unknown charset) I tried using a mask attack but the performance wasn't so great. Mask: Code: ?a,SALT1_EXAMPLE?1SALT2_EXAMPLE Command: Code: hashcat -m 0 -a 3 -w 3 --force --opencl-device-types 1,2 test.hash mask.txt Speed of this method in a RTX 2060 Super: Code: Time.Started.....: Wed Dec 16 19:35:52 2020 (26 mins, 31 secs) I was expecting something close to 12940.3 MH/s (as performed in benchmark mode) Can someone guide me in how to perform this in hashcat? Thanks in advance! RE: md5 bruteforce with 2 known salts - undeath - 12-17-2020 Use mode 20 (md5($salt.$pass)) for good performance. Never use --force. RE: md5 bruteforce with 2 known salts - AlanGomes_ - 12-17-2020 (12-17-2020, 01:05 AM)undeath Wrote: Use mode 20 (md5($salt.$pass)) for good performance. Never use --force. Mode 20 only supports 1 salt as far as I know, is there some workaround to add another salt? RE: md5 bruteforce with 2 known salts - undeath - 12-17-2020 You already posted the workaround in your first post: append the second salt to your mask. RE: md5 bruteforce with 2 known salts - AlanGomes_ - 12-17-2020 (12-17-2020, 01:26 AM)undeath Wrote: You already posted the workaround in your first post: append the second salt to your mask. It works but the problem remains the same, the performance is extremely low compared to a simple md5 bruteforce. I think the problem is in the mask attack itself :/ Code: Speed.#1.........: 123.2 MH/s (3.98ms) @ Accel:256 Loops:1 Thr:256 Vec:1 Additionally, hashcat gives me this warning, but I don't think I need/can increase the work amount: Code: The wordlist or mask that you are using is too small. Do you have another idea? RE: md5 bruteforce with 2 known salts - undeath - 12-17-2020 Did you only measure that speed with the first mask in your list or also with longer ones? Masks with only few variable chars will always produce low performance. RE: md5 bruteforce with 2 known salts - AlanGomes_ - 12-17-2020 (12-17-2020, 01:37 AM)undeath Wrote: Did you only measure that speed with the first mask in your list or also with longer ones? Masks with only few variable chars will always produce low performance. Alright, I was doing something wrong, I changed to mode 20 without removing the first salt of the mask file. Now the speed increased from ~123.2 MH/s in mode 0 to ~6126.4 MH/s in mode 20. Still is a little under the 12940.3 MH/s speed I got in the benchmark. Maybe some optimization I have to do? My current mask (9999999999 is a placeholder with the same length of the real salt): Code: ?h,?19999999999 I measured the speed with the largest mask. |