Posts: 5
Threads: 1
Joined: Oct 2012
10-15-2012, 09:49 PM
(This post was last modified: 10-16-2012, 12:23 AM by SnakeEye.)
Hello there!
I'm new to this forum and to this program, so I need a little help :-)
I need to crack my password in my own database, I don't know the salt - but I know how it's created (code snippet I used on my site).
This is how the salt/password is created:
Code:
{
if ($salt === null) {
$salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
}
else {
$salt = substr($salt, 0, SALT_LENGTH);
}
return $salt . sha1($pwd . $salt);
}
I appreciate any help - thanks!
Posts: 414
Threads: 14
Joined: Mar 2012
Simple.
1 - You need to reformat your hashes. The first 9 bytes are the salt and the rest is the actual sha1 hash, use the following
sed command to reformat:
Code:
sed "s#^\(.\{9\}\)\(.\{40\}\)$#\2:\1#"
As you can see we need it in
Hashalt.
2 - Use
oclHashcat-plus-0.09 with
-m110.
3 - That's it!
Posts: 5
Threads: 1
Joined: Oct 2012
10-15-2012, 10:08 PM
(This post was last modified: 10-15-2012, 10:11 PM by SnakeEye.)
I actually tried removing first 9 chars and using a online decrypter which did not work :-)
Well, thank you very much!
Can I ask you one more thing? To provide me with an example like,
Code:
cudaHashcat-plus64.exe -m 500 my.hash example.dict
I'm not into all the command and options right now (just started reading the users manual:
http://hashcat.net/files/hashcat_user_manual.pdf)
My guess is something like:
Code:
cudaHashcat-plus64.exe -m110 my.hash example.dict
But how does the sed command work, and is there better dictionaries to use, or am i complete on the wrong road here? :-)
Posts: 414
Threads: 14
Joined: Mar 2012
SnakeEye Wrote: I actually tried removing first 9 chars and using a online decrypter which did not work :-)
Negative. Salted hashes can not be cracked using online DBs.
SnakeEye Wrote: Can I ask you one more thing? To provide me with an example like,
Dictionries attacks are always the best to start with. Try:
Code:
[your_oclhashcat-plus_platform] -m110 [your_hashfile] -o recoverd_hashes.txt [Your_dict]
Note that the hashfile must contain the hashes in the right format, which is
Hash:Salt.
SnakeEye Wrote: I'm not into all the command and options right now (just started reading the users manual: http://hashcat.net/files/hashcat_user_manual.pdf)
Negative. That manual is outdated, read the
Wiki instead.
SnakeEye Wrote: But how does the sed command work, and is there better dictionaries to use, or am i complete on the wrong road here? :-)
Sed is a text editor originally from Unix systems but can work on Windows too. Try Google for better understanding. I only recommend using
sed if you're going to reformat tens of hashes, if less, do it manually.
For better dictionaries see
Wordlist Downloads.
rockyou.txt is a very good start.
Posts: 5
Threads: 1
Joined: Oct 2012
Thank you!!!!
Can't figure out how to use SED to go through hashes from a file and save to a new file. But it does'nt matter..
Well, it works though, but I get status "Exhausted" everytime. I guess it's because the word is not in the dictionary. Is it possible to use multiply dictionaries?
Posts: 414
Threads: 14
Joined: Mar 2012
Yes, just stack them in your command line:
Code:
... dict1.txt dict2.txt dict3.txt
Easy as that.
Posts: 5
Threads: 1
Joined: Oct 2012
I tried that, oh i put comma........ :-) thanks again!
I found out how to save to a file with SED, solution was very easy.............
Code:
sed "s#^\(.\{9\}\)\(.\{40\}\)$#\2:\1#" file1.txt > file2.txt
Posts: 414
Threads: 14
Joined: Mar 2012
Good!
And yes, that's one way to use the sed command. I just wrote you the command you can utilize it in many ways.
Just to make sure everything is going in the right way, try cracking a known hash with the know password in your dict and see if it cracks successfully. Here's an example:
Code:
b1b0a62a97d4bf84cff55e76514619cdaa21e093:8042dbf97
Should crack to: password
In other way:
b1b0a62a97d4bf84cff55e76514619cdaa21e093:8042dbf97:password
Posts: 5
Threads: 1
Joined: Oct 2012
It works fine :-)
I'm learning this program slowly, you helped a lot. Thanks again