Help for cracking SHA1 password:salt
#1
Hello there!

I'm new to this forum and to this program, so I need a little help :-)

I need to crack my password in my own database, I don't know the salt - but I know how it's created (code snippet I used on my site).

This is how the salt/password is created:
Code:
{
    if ($salt === null) {
        $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
    } else {
        $salt = substr($salt, 0, SALT_LENGTH);
    }
    return $salt . sha1($pwd . $salt);
}


I appreciate any help - thanks!
#2
Simple.

1 - You need to reformat your hashes. The first 9 bytes are the salt and the rest is the actual sha1 hash. Use the following sed command to reformat:
Code:
sed "s#^\(.\{9\}\)\(.\{40\}\)$#\2:\1#"
As you can see, we need it in Hash:Salt.

2 - Use oclHashcat-plus-0.09 with -m110.

3 - That's it!
#3
I actually tried removing the first 9 chars and using an online decrypter, which did not work :-)

Well, thank you very much!

Can I ask you one more thing? To provide me with an example like,
Code:
cudaHashcat-plus64.exe -m 500 my.hash example.dict

I'm not into all the commands and options right now (just started reading the user's manual: http://hashcat.net/files/hashcat_user_manual.pdf)

My guess is something like:
Code:
cudaHashcat-plus64.exe -m110 my.hash example.dict

But how does the sed command work, and are there better dictionaries to use, or am I completely on the wrong road here? :-)
#4
SnakeEye Wrote: I actually tried removing the first 9 chars and using an online decrypter, which did not work :-)
Negative. Salted hashes can not be cracked using online DBs.

SnakeEye Wrote: Can I ask you one more thing? To provide me with an example like,
Dictionary attacks are always the best to start with. Try:
Code:
[your_oclhashcat-plus_platform] -m110 [your_hashfile] -o recoverd_hashes.txt [Your_dict]
Note that the hashfile must contain the hashes in the right format, which is Hash:Salt.

SnakeEye Wrote: I'm not into all the commands and options right now (just started reading the user's manual: http://hashcat.net/files/hashcat_user_manual.pdf)
Negative. That manual is outdated, read the Wiki instead.

SnakeEye Wrote: But how does the sed command work, and are there better dictionaries to use, or am I completely on the wrong road here? :-)
Sed is a text editor originally from Unix systems but can work on Windows too. Try Google for better understanding. I only recommend using sed if you're going to reformat tens of hashes, if less, do it manually.
For better dictionaries see Wordlist Downloads. rockyou.txt is a very good start.
#5
Thank you!!!! :-)

Can't figure out how to use SED to go through hashes from a file and save to a new file. But it doesn't matter..

Well, it works though, but I get status "Exhausted" every time. I guess it's because the word is not in the dictionary. Is it possible to use multiple dictionaries?
#6
Yes, just stack them in your command line:
Code:
... dict1.txt dict2.txt dict3.txt
Easy as that.
#7
I tried that, oh I put comma........ :-) thanks again!

I found out how to save to a file with SED, solution was very easy.............

Code:
sed "s#^\(.\{9\}\)\(.\{40\}\)$#\2:\1#" file1.txt > file2.txt
#8
Good!

And yes, that's one way to use the sed command. I just wrote you the command; you can utilize it in many ways.

Just to make sure everything is going the right way, try cracking a known hash with the known password in your dict and see if it cracks successfully. Here's an example:
Code:
b1b0a62a97d4bf84cff55e76514619cdaa21e093:8042dbf97
Should crack to: password
In other way:
b1b0a62a97d4bf84cff55e76514619cdaa21e093:8042dbf97:password
#9
It works fine :-)

I'm learning this program slowly, you helped a lot. Thanks again
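
Added example, not part of the thread: a POSIX-shell version of the reformatting step from reply #2 together with the known-hash sanity check suggested in reply #8. It goes slightly beyond the thread's `.{9}` / `.{40}` pattern by accepting only lowercase hex (the salt is cut from an md5 hex string) and counting rejected lines, and it single-quotes the sed script because sh/bash would expand `$#` inside double quotes. The function names and the use of `sha1sum` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes SALT_LENGTH is 9, as stated in
# reply #2, and that sha1sum (GNU coreutils) is installed.

# Build a stored value the way the PHP snippet does: salt . sha1(pwd . salt)
# usage: make_stored PASSWORD SALT
make_stored() {
    printf '%s%s\n' "$2" "$(printf '%s%s' "$1" "$2" | sha1sum | cut -d' ' -f1)"
}

# Read stored values on stdin, write hash:salt on stdout.
# Only lines that are exactly 9 + 40 lowercase hex characters are emitted;
# anything else is dropped rather than passed through unchanged.
# tr strips the carriage returns found in files saved on Windows.
to_hash_salt() {
    tr -d '\r' | sed -n 's#^\([0-9a-f]\{9\}\)\([0-9a-f]\{40\}\)$#\2:\1#p'
}

# Count the input lines that to_hash_salt would drop, so a truncated or
# padded export is noticed before a run ends in "Exhausted".
count_rejected() {
    tr -d '\r' | grep -c -v -x '[0-9a-f]\{49\}' || true
}

# Confirm a hash:salt line against a password you already know:
# sha1(password . salt) must equal the hash part.
# usage: check_line HASH:SALT PASSWORD
check_line() {
    cl_hash=${1%%:*}
    cl_salt=${1#*:}
    [ "$(printf '%s%s' "$2" "$cl_salt" | sha1sum | cut -d' ' -f1)" = "$cl_hash" ]
}

# Typical use:
#   count_rejected < file1.txt          # should print 0
#   to_hash_salt   < file1.txt > file2.txt
#   check_line "$(make_stored 'test' '0123456ab' | to_hash_salt)" 'test' && echo ok
```

If `count_rejected` prints anything other than 0, inspect those lines before starting a run, since they will not appear in the output file.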