Posts: 17
Threads: 6
Joined: Aug 2018
09-22-2018, 09:07 AM
Hello,
I have a few questions I'd like to ask about using hashcat, and generating rainbow tables, but just hashcat for now.
One is: suppose I have hashes that are e.g. sha512($password . $salt ) where $salt is unknown but could be an arbitrary length binary object, e.g. 6 bytes. Then that is hashed 5000 times. (Similar to what Symfony uses with it's sha512 provider). I have a password file, and I want to actually crack the salt, assuming that I have the password. How could I do that?
I have a few other questions, mostly dumb ones I guess. I've been googling and practicing on my rig but I want to try and get up to speed with my burning questions faster.
If you can help I can optionally send some bitcoin your way, although a modest amount.
Thank you,
James
Posts: 413
Threads: 2
Joined: Dec 2015
In the case of searching for a salt, have you tried just relabeling the parts? Swap salt and password values around in their fields to match the algorithm.
If i have md5($pass.$salt) and I know the salt, which is typically how this works, i could look at it as md5($unknown.$known). Hashcat attacks the unknown pieces, so that position would be the password in this case. But say i know the password and not the salt. If i try to use the algorithm md5($pass.$salt) the unknown position will be the password still, and hashcat wont understand. If i were to use the algorithm md5($salt.$pass) which is equivalent to md5($known.$unknown) I could place the password where i would normally place a salt, in the known position, and load it up that way. The position being attacked would be correct for my target since i'm attacking the right side position and not the left one.
Posts: 17
Threads: 6
Joined: Aug 2018
Hi Chick3nman, thank you!
That was a clear explanation of how that works. I'll have to generate some dummy hashes with unknown salts and try that method. Thank you again.
By the way, is there a method of trying to exhaust the keyspace for every single bit position? Suppose the salt is 8 bytes, can a wordlist be made to crack the salt and cover every bit pattern for 8 bytes? Maybe a bit more practical to start with, only two bytes of salt.
I tried with hash 41783537b301fdec86e230677f769d716dee21423a6028a3c5adf9cd8cf3a39f870ae9118af69bd843926139f645004a4504e332528dc2d5fe3495c15191c9ce
then a colon, then I thought, do I have to put in every possible 2 byte salt in format e.g.
41783537b301fdec86e230677f769d716dee21423a6028a3c5adf9cd8cf3a39f870ae9118af69bd843926139f645004a4504e332528dc2d5fe3495c15191c9ce:0x010xAB
or whatever the format is? I think it's just digits from the examples page, so to get all 2 byte bit patterns, would that be 0 - 66536? So to exhaust the salts, lines like this:
41783537b301fdec86e230677f769d716dee21423a6028a3c5adf9cd8cf3a39f870ae9118af69bd843926139f645004a4504e332528dc2d5fe3495c15191c9ce:00000
.. to ..
41783537b301fdec86e230677f769d716dee21423a6028a3c5adf9cd8cf3a39f870ae9118af69bd843926139f645004a4504e332528dc2d5fe3495c15191c9ce:65536
That's mode 1710, for sha512(pass . salt), so for 1720 where I reverse it, the known being the password and the unknown the salt for sha512(salt . pass), I would do something like this:
hashcat -a 3 -m 1720 ... hashes-in-some-format salt-list.in.txt
Still not sure how I would feed it into hashcat in a format it understands, if I want to crack a bunch of sha512 hashes where the passwords are known and I just want to find the salts...
Posts: 413
Threads: 2
Joined: Dec 2015
09-22-2018, 12:58 PM
(This post was last modified: 09-22-2018, 12:59 PM by Chick3nman.)
If you want to hit every possible byte, use the mask ?b since it contains values 0-255.
for a hash who's format is salt.pass or known.unkown, and its passed into hashcat as hash:salt or hash:known, you would just flip it around to pass.salt, and put the password on the hash like you would the salt, so hash:pass. If you want to see the input formats, you can check them here:
https://hashcat.net/wiki/doku.php?id=example_hashes
Posts: 17
Threads: 6
Joined: Aug 2018
So if I wanted to use mode 120, sha1($salt . $pass) because I have that kind of hashed digest, I would actually flip it around to 110 sha1($pass . $salt) and have lines that look like this:
8573db2460575106df5d4e0c7502c23f623a3174:pwd
8573db2460575106df5d4e0c7502c23f623a3174:another
8573db2460575106df5d4e0c7502c23f623a3174:foo
8573db2460575106df5d4e0c7502c23f623a3174:bar
and use the mask ?b?b?b?b (for 4 bytes of salt) on the command line? Is that attack mode 3 or a hybrid?
Posts: 17
Threads: 6
Joined: Aug 2018
So maybe after reading this:
https://datafireball.com/2015/05/31/sha1-and-hashcat/
I would put in:
8573db2460575106df5d4e0c7502c23f623a3174
alt_value1
8573db2460575106df5d4e0c7502c23f623a3174
alt_value2
... for as many salts as I wanted, to try and crack what would be mode 120 sha1($salt . $pass)? And instead use mode 110, like so:
hashcat -a 0 -m 110 my_hashes_with_salts.txt my_password_list.txt
Am I on the right track here? How can I generate the salts with ?b and dump them all to a file with the hash? Or can I use a hybrid mode, with one hash, ?b, and a password list?
Posts: 17
Threads: 6
Joined: Aug 2018