tips on cracking SHA1 hash
#1
I'm doing this for the first time.

I have a SHA1 hash with salt and looking for a password between 4 and 12 characters, that's all I know.

I'm wondering how I can minimise the keyspace, as all I can guess is the length of the password.

Are there any tips on how to best go about this?  Is it generally a good idea to use wordlists?  where do i store the wordlist file or the charset file?

my hashrate is around 3000 MH/s
Reply
#2
Quote:SHA1 hash with salt
First, choose the right mode, speed is not the same for all:
Code:
110    sha1($pass.$salt)
120    sha1($salt.$pass)
130    sha1(utf16le($pass).$salt)
140    sha1($salt.utf16le($pass))

Quote:minimise the keyspace
To achieve that, you need to have hints about charset (a-z A-Z etc)/ keyboard used ? For example, a russian keyboard is not the same as an English or a Spanish one. Any weird letters?
If you don't have any clues, I would go for wordlists + rules. If it is really random, you'll need to go for a brutefroce.
Reply
#3
Thanks so it is english letters.

How do I use a wordlist + rules?  Can you give an example?

Im thinking the first letter could be capital or a number, so how would I do that as a mask?

?H?wordlist

(09-24-2020, 10:10 AM)Mem5 Wrote:
Quote:SHA1 hash with salt
First, choose the right mode, speed is not the same for all:
Code:
110 sha1($pass.$salt)
120 sha1($salt.$pass)
130 sha1(utf16le($pass).$salt)
140 sha1($salt.utf16le($pass))

Quote:minimise the keyspace
To achieve that, you need to have hints about charset (a-z A-Z etc)/ keyboard used ? For example, a russian keyboard is not the same as an English or a Spanish one. Any weird letters?
If you don't have any clues, I would go for wordlists + rules. If it is really random, you'll need to go for a brutefroce.
Reply
#4
Code:
-a 7 -1 ?u?d hash.txt ?1 dict.txt

or rules:
Code:
-a 0 -r my.rules hash.txt dict.txt

where my.rules is
Code:
^0
^1
^2
^3
^4
^5
^6
^7
^8
^9
^A
^B
^C
^D
^E
^F
^G
^H
^I
^J
^K
^L
^M
^N
^O
^P
^Q
^R
^S
^T
^U
^V
^W
^X
^Y
^Z
Reply