Help for cracking SHA1 password:salt

[SnakeEye]

Hello there!

I'm new to this forum and to this program, so I need a little help :-)

I need to crack my password in my own database, I don't know the salt - but I know how it's created (code snippet I used on my site).

This is how the salt/password is created:

Code:

{
    if ($salt === null)     {
        $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
    }
    else     {
        $salt = substr($salt, 0, SALT_LENGTH);
    }
    return $salt . sha1($pwd . $salt);
}

I appreciate any help - thanks!

[M@LIK]

Simple.

1 - You need to reformat your hashes. The first 9 bytes are the salt and the rest is the actual sha1 hash, use the following sed command to reformat:

Code:

sed "s#^\(.\{9\}\)\(.\{40\}\)$#\2:\1#"

As you can see we need it in Hashalt.

2 - Use oclHashcat-plus-0.09 with -m110.

3 - That's it!

[SnakeEye]

I actually tried removing first 9 chars and using a online decrypter which did not work :-)

Well, thank you very much!

Can I ask you one more thing? To provide me with an example like,

Code:

cudaHashcat-plus64.exe -m 500 my.hash example.dict

I'm not into all the command and options right now (just started reading the users manual: http://hashcat.net/files/hashcat_user_manual.pdf)

My guess is something like:

Code:

cudaHashcat-plus64.exe -m110 my.hash example.dict

But how does the sed command work, and is there better dictionaries to use, or am i complete on the wrong road here? :-)

[M@LIK]

I actually tried removing first 9 chars and using a online decrypter which did not work :-)

Negative. Salted hashes can not be cracked using online DBs.

Can I ask you one more thing? To provide me with an example like,

Dictionries attacks are always the best to start with. Try:

Code:

[your_oclhashcat-plus_platform] -m110 [your_hashfile] -o recoverd_hashes.txt [Your_dict]

Note that the hashfile must contain the hashes in the right format, which is Hash:Salt.

I'm not into all the command and options right now (just started reading the users manual: http://hashcat.net/files/hashcat_user_manual.pdf)

Negative. That manual is outdated, read the Wiki instead.

But how does the sed command work, and is there better dictionaries to use, or am i complete on the wrong road here? :-)

Sed is a text editor originally from Unix systems but can work on Windows too. Try Google for better understanding. I only recommend using sed if you're going to reformat tens of hashes, if less, do it manually.
For better dictionaries see Wordlist Downloads. rockyou.txt is a very good start.

[SnakeEye]

Thank you!!!!

Can't figure out how to use SED to go through hashes from a file and save to a new file. But it does'nt matter..

Well, it works though, but I get status "Exhausted" everytime. I guess it's because the word is not in the dictionary. Is it possible to use multiply dictionaries?

[M@LIK]

Yes, just stack them in your command line:

Code:

... dict1.txt dict2.txt dict3.txt

Easy as that.

[SnakeEye]

I tried that, oh i put comma........ :-) thanks again!

I found out how to save to a file with SED, solution was very easy.............

Code:

sed "s#^\(.\{9\}\)\(.\{40\}\)$#\2:\1#" file1.txt > file2.txt

[M@LIK]

Good!

And yes, that's one way to use the sed command. I just wrote you the command you can utilize it in many ways.

Just to make sure everything is going in the right way, try cracking a known hash with the know password in your dict and see if it cracks successfully. Here's an example:

Code:

b1b0a62a97d4bf84cff55e76514619cdaa21e093:8042dbf97
Should crack to: password
In other way:
b1b0a62a97d4bf84cff55e76514619cdaa21e093:8042dbf97:password

[SnakeEye]

It works fine :-)

I'm learning this program slowly, you helped a lot. Thanks again