Bruteforcing SHA1 with knowing the salt
#1
Hello dear Hashcat community,
I am a studying cybersecurity on my local university. I am stucked at a task given by my lecturer. 
As the task says - I have to find the secret password just by knowing the SHA1 hash and salt. I was reading the documentation and old threads(of much older versions of Hashcat) but I still don't know how to include my salt in command. 

As far as I read on the wiki, I should use the -m parameter with 110 number and -a parameter with value 3. 

Can you please give me a tip how to make use of knowing the salt and any example of command?

I have tryed something like this but with no success:
Code:
Hashcat -m 110 -a 3 40DIGITSHA1 (and where should I put salt here?)
Cheers,
Tropikando
Reply
#2
see "hashcat --example -m 110" for the expected format or have a look at https://hashcat.net/wiki/doku.php?id=example_hashes
Reply
#3
So it should look like that?
Code:
Hashcat -m 110 -a 3 SHA1:Salt
The program is running but I want to ask if the command is corrent just to be sure.
Reply
#4
Yes, that's correct. You should specify a mask when running -a3 btw.
Reply
#5
I didn't do that, I guess it will take longer time to find the password without specifying it?
Reply
#6
"take longer time" compared to what ?

Mast attack : https://hashcat.net/wiki/doku.php?id=mask_attack
Reply