A 25 word list, with a 16 character mixAlphaNumeric salt, please help
#1
Hi,

I'm a bit confused on getting started with writing the hashcat command for this.

I know I can set up the word list as follows:
[[1,1,1,1,1],[1,1,1,1,1],[1,1,1,1,1],[1,1,1,1,1],[1,1,0,1,1]]
[[1,1,1,1,1],[1,1,1,1,1],[1,1,1,1,1],[1,1,1,1,1],[1,1,1,0,1]]
[[1,1,1,1,1],[1,1,1,1,1],[1,1,1,1,1],[1,1,1,1,1],[1,1,1,1,0]]
etc.... (25 of them)

The hashes are sha256, which I can see is supported by hashcat (1400)

There is also a 16 character mixed case alphanumeric salt at the end of the string, preceded by a space. So an example would be:
[[1,1,1,1,1],[1,1,1,1,1],[1,1,1,1,1],[1,1,1,1,1],[1,1,1,1,0]] IDdPP5cFTNiPAkXH

I've downloaded and extracted hashcat, made my word list, now I don't know what to do next...

Is there anything I need to set up for the salt of the hash? Like I had to set up the word list

Any advice will be greatly appreciated :)
#2
that looks simple, but first, please add a valid hash, salt and plaintext example just to make sure i've understood this correctly
#3
Hi, thanks for your reply. Here it is:

Valid example of a hash I would need to crack:
8ef38d8a70223974ff2c6dc30f131cb4bd8031d1ab70ef5badc322005ae7d578

Which prior to hashing would have been:
[[1,1,1,1,1],[1,1,1,1,1],[1,1,1,0,1],[1,1,1,1,1],[1,1,1,1,1]] cG6g3cMvqQpMqOuE

With my current understanding of salts, the 16 character suffix (cG6g3cMvqQpMqOuE) would be the "salt" added to the end of the string, prior to hashing.

Is this what you needed?
#4
I'd say your salt has 17 chars and a leading space. Put the hashes into your hash list like hash:salt
#5
hashcat/oclHashcat can not crack those because the total length of a string is > 55.

However, the keyspace you're trying to search is very small (2^25). Therefore you can use maskprocessor and a little controller script in combination to crack it easily:

Quote:
root@sf:~# time /root/maskprocessor-0.70/mp64.bin -1 01 '[[?1,?1,?1,?1,?1],[?1,?1,?1,?1,?1],[?1,?1,?1,?1,?1],[?1,?1,?1,?1,?1],[?1,?1,?1,?1,?1]] cG6g3cMvqQpMqOuE' | perl calc.pl
cracked: [[1,1,1,1,1],[1,1,1,1,1],[1,1,1,0,1],[1,1,1,1,1],[1,1,1,1,1]] cG6g3cMvqQpMqOuE

real 1m34.589s
user 1m40.355s
sys 0m5.478s
root@sf:~#

here's the perl script that does the hashing. on my system (good cpu) it took 1m34s to crack it.

Code:
#!/usr/bin/env perl

use strict;
use warnings;

use Digest::SHA qw (sha256_hex);

## run like this:
## ./mp64.bin -1 01 '[[?1,?1,?1,?1,?1],[?1,?1,?1,?1,?1],[?1,?1,?1,?1,?1],[?1,?1,?1,?1,?1],[?1,?1,?1,?1,?1]] cG6g3cMvqQpMqOuE' | perl calc.pl

my $search_hash = "8ef38d8a70223974ff2c6dc30f131cb4bd8031d1ab70ef5badc322005ae7d578";

while (my $line = <>)
{
  chomp $line;

  my $hash = sha256_hex ($line);

  next unless ($hash eq $search_hash);

  print "cracked: $line\n";
}
#6
Thanks a lot for this! I'm installing perl and an IDE on my machine now to begin testing that.

In the comments you say:
## run like this:
## ./mp64.bin -1 01 '[[?1,?1,?1,?1,?1],[?1,?1,?1,?1,?1],[?1,?1,?1,?1,?1],[?1,?1,?1,?1,?1],[?1,?1,?1,?1,?1]] cG6g3cMvqQpMqOuE' | perl calc.pl

Will this take into account different salts? They are not always cG6g3cMvqQpMqOuE, they are random each time
#7
For example, here is another hash:
ff2c1ce430607a9b63976e4b70810c5082f5318ddab20d4e769c32f357ae3683

This one would be :
[[1,1,1,1,1],[1,1,1,1,1],[1,1,1,0,1],[1,1,1,1,1],[1,1,1,1,1]] WuXgpDEpTwmXLR5G

Prior to being sha256'd
#8
Sorry, what I'm saying is I don't think that would work as I don't know what the 16 char "salt" is going to be, and in your instruction comments, you say to execute the command using the 16 chars in the command.
#9
I see, but then the problem is with your wording. A salt is some set of data that is known to both defender and attacker.
#10
Gotcha, ok, yes, that is my fault. I came into this discussion not fully aware of what a salt is. I'm sorry about that.

It's one of the 25 strings, with a space between it and a random 16 characters (mix case alphaNum) at the end, all sha256'd.

It seems plausible to me that this can be cracked, and was hoping hashcat was the one to do it. Do you agree that it is possible with hashcat?
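
Added example, not part of the original thread or any poster's code: a Python sketch of the hash:salt list from post #4 checked against the 25-entry word list from post #1, for the case where each hash has its own known suffix, plus the worst-case number of SHA-256 calls when the 16-character suffix is not known. All function names are hypothetical, and the sample targets are constructed here from the grid format and the two suffix strings quoted in the thread.

```python
import hashlib

SALT_ALPHABET = 62   # a-z, A-Z, 0-9 ("mixed case alphanumeric")
SALT_LEN = 16        # random characters after the leading space

def grid(zero_at):
    """Render the 5x5 grid from post #1: all ones, one zero at cell zero_at."""
    cells = ["0" if i == zero_at else "1" for i in range(25)]
    rows = ["[" + ",".join(cells[r * 5:r * 5 + 5]) + "]" for r in range(5)]
    return "[" + ",".join(rows) + "]"

def wordlist():
    """The 25 candidate strings the original poster describes."""
    return [grid(i) for i in range(25)]

def parse_target(line):
    """Split 'hash:salt' on the first colon; the salt keeps its leading space."""
    digest, salt = line.rstrip("\r\n").split(":", 1)
    return digest.lower(), salt

def recover(targets, words):
    """Return {digest: plaintext} for every target that some word+salt hashes to."""
    found = {}
    for line in targets:
        digest, salt = parse_target(line)
        for word in words:
            candidate = word + salt
            if hashlib.sha256(candidate.encode("ascii")).hexdigest() == digest:
                found[digest] = candidate
                break
    return found

def work_factor(n_targets, n_words, salt_known):
    """Worst-case SHA-256 calls: suffix known per hash vs. guessed blindly."""
    per_target = n_words if salt_known else n_words * SALT_ALPHABET ** SALT_LEN
    return n_targets * per_target

if __name__ == "__main__":
    # Constructed targets: each plaintext is built here with its own suffix.
    salts = [" cG6g3cMvqQpMqOuE", " WuXgpDEpTwmXLR5G"]  # suffix strings from the thread
    plains = [grid(13) + s for s in salts]
    targets = [hashlib.sha256(p.encode()).hexdigest() + ":" + s for p, s in zip(plains, salts)]
    for digest, plain in recover(targets, wordlist()).items():
        print("recovered:", digest, plain)
    print("suffix known:  ", work_factor(2, 25, True), "hash calls")
    print("suffix unknown:", work_factor(2, 25, False), "hash calls")
```

With the suffix stored next to each hash the cost is 25 hash calls per target; without it, every target multiplies that by 62^16.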