hashcat Forum Deprecated; Previous versions General Help v
SHA1 - Unable to use MD5 as a password

Threaded Mode
SHA1 - Unable to use MD5 as a password
zeroprobe Offline
Junior Member
**
Posts: 28
Threads: 6
Joined: Sep 2013
#1
06-23-2016, 10:28 AM
Is it correct functionality of hashcat that a password of 32 characters (MD5) cannot be used for SHA1 in hashcat?

I was trying to use md5's as potential passwords but found this limitation. Passwords of 31 characters are OK.

Is there any way around this?
Find
atom Offline
Administrator
*******
Posts: 5,232
Threads: 233
Joined: Apr 2010
#2
06-23-2016, 11:20 AM
First, the limit on 31 is not true for all cases, there's ways to support up to 55: https://hashcat.net/wiki/doku.php?id=fre...ord_length

Anyway, to crack the supposed algorithm, use -m 4700 not -m 100
Website Find
stepMode Offline
Junior Member
**
Posts: 47
Threads: 1
Joined: Oct 2015
#3
06-23-2016, 01:34 PM
Well if I understood your 1st post right you want to crack a SHA-1 hash which in plaintext is a 32 char long hex-string right?
You would have to use the attackmode 1 which is combinator, in this mode your plaintext can go up to 55 chars, as atom already linked.
Find
zeroprobe Offline
Junior Member
**
Posts: 28
Threads: 6
Joined: Sep 2013
#4
06-23-2016, 02:16 PM (This post was last modified: 06-23-2016, 05:34 PM by zeroprobe.)
EDIT:
Find
zeroprobe Offline
Junior Member
**
Posts: 28
Threads: 6
Joined: Sep 2013
#5
06-23-2016, 05:33 PM (This post was last modified: 06-23-2016, 06:50 PM by zeroprobe.)
(06-23-2016, 02:16 PM)zeroprobe Wrote: I split my MD5's in the middle.

Combination won't work, too many combinations. I got mixed up.

Is there any way to use a wordlist of md5 hashes as passwords for a SHA1?
Find
FlippingGerman Offline
Junior Member
**
Posts: 30
Threads: 1
Joined: May 2015
#6
06-24-2016, 03:07 PM
What if you take your MD5s, chop off the last character, and then use combinator to out it back on? Slow, but faster than anything else.
Find
atom Offline
Administrator
*******
Posts: 5,232
Threads: 233
Joined: Apr 2010
#7
06-25-2016, 10:52 AM
why don't you just use -m 4700
Website Find
zeroprobe Offline
Junior Member
**
Posts: 28
Threads: 6
Joined: Sep 2013
#8
06-25-2016, 01:56 PM
(06-25-2016, 10:52 AM)atom Wrote: why don't you just use -m 4700

Doesn't seem to crack with 4700. However taking off 1 character of the md5 password allows it.

Are you able to test? Do you have the same issue.
Find
atom Offline
Administrator
*******
Posts: 5,232
Threads: 233
Joined: Apr 2010
#9
06-26-2016, 10:14 AM
see here:

Code:
root@ht:~/hashcat# echo -n test | md5sum                                                              
098f6bcd4621d373cade4e832627b4f6  -
root@ht:~/hashcat# echo -n 098f6bcd4621d373cade4e832627b4f6 | sha1sum
4028a0e356acc947fcd2bfbf00cef11e128d484a  -
root@ht:~/hashcat# ./hashcat -m 4700 4028a0e356acc947fcd2bfbf00cef11e128d484a -a 3 test --quiet
4028a0e356acc947fcd2bfbf00cef11e128d484a:test
root@ht:~/hashcat#
Website Find
zeroprobe Offline
Junior Member
**
Posts: 28
Threads: 6
Joined: Sep 2013
#10
06-27-2016, 10:56 AM
(06-26-2016, 10:14 AM)atom Wrote: see here:

Code:
root@ht:~/hashcat# echo -n test | md5sum                                                              
098f6bcd4621d373cade4e832627b4f6  -
root@ht:~/hashcat# echo -n 098f6bcd4621d373cade4e832627b4f6 | sha1sum
4028a0e356acc947fcd2bfbf00cef11e128d484a  -
root@ht:~/hashcat# ./hashcat -m 4700 4028a0e356acc947fcd2bfbf00cef11e128d484a -a 3 test --quiet
4028a0e356acc947fcd2bfbf00cef11e128d484a:test
root@ht:~/hashcat#

I understand now, hashcat will do the real time conversion of the passwords to MD5 to use against the SHA1.

I was using password lists of MD5s.
Find