12-18-2014, 01:06 PM
Hmm, you state the algorithm is "md5(md5($username.$pass).$salt)", but then state that the username is static and it has no salt. So it does not seem like you have the correct algorithm, and it seems like the algorithm is likely md5(md5($pepper.$pass)).
You can simulate this algorithm with -m 2600 and prepending the pepper on each attack.
You can simulate this algorithm with -m 2600 and prepending the pepper on each attack.