Breaking AIX hashes with hashcat
#2
Hi guys, thx @atom,
and here are the details, it is (partially) too easy to be true and not understandable why nobody else came up with this details b4 ;-):
- smd5 uses md5_crypt basically
- ssha* variants use pbkdf2-hmac-sha-* (there are three of those ssha1, ssha256 and ssha512 connected to the pbkdf2-hmac-sha-* variant)

Furthermore, there is a non-standard (but well-known) base64 table in use:
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

The main difference of smd5 from standard md5_crypt() is that smd5 doesn't use the "$1$" within the md5_crypt digest generation.
But there is an option, they told me, that enables the "standard" version of md5_crypt, i.e. w/ std_hash=true or similar.

There are also very small base64 hacks in ssha* variants but of no big deal, i.e. the length of the outcome hash, what happens w/ padding etc.
If you have some sample hashes (or better password/hash pairs), it is easy to spot this details.


Too much words, here I open a ticket w/ source code attached (be warned: this code is hackish, was quickly written down, w/o looking at performance etc, but should be working too. Don't blame me for the (bad) code, ok?):
https://hashcat.net/trac/ticket/135


Messages In This Thread
Breaking AIX hashes with hashcat - by atom - 04-20-2013, 10:33 PM
RE: Breaking AIX hashes with hashcat - by philsmd - 04-20-2013, 10:34 PM
RE: Breaking AIX hashes with hashcat - by radix - 04-20-2013, 11:18 PM
RE: Breaking AIX hashes with hashcat - by eljolot - 04-21-2013, 12:38 AM
RE: Breaking AIX hashes with hashcat - by Rolf - 04-21-2013, 03:30 AM
RE: Breaking AIX hashes with hashcat - by halfie - 04-21-2013, 08:31 AM
RE: Breaking AIX hashes with hashcat - by atom - 04-22-2013, 12:17 PM
RE: Breaking AIX hashes with hashcat - by philsmd - 04-22-2013, 01:03 PM