02-21-2019, 04:38 PM
1. about the javascript string to hexadecimal conversion: it's just the octal code point (see https://mathiasbynens.be/notes/javascript-escapes#octal) converted to hexadecimal
something like this in javascript:
s='\115\116\213\305\117\073\313\206\013\042\106\121\240\001\333\032';r='';for(i=0;i<s.length;i++)r+=('0'+s.charCodeAt(i).toString(16)).slice(-2);console.log(r)
2. 8de6c4719419b4a9237acaeaa1a0e095 is a further "password=" hash within your tcp dump without any preceeding salt and md5Hex () javascript code. If the information is missing, you can't crack it of course. The salt must be known, it's not in the tcp dump. I explained this already. If we do not have any additional information about the salt we only know that it is a hash for which we miss the information required. The salt is MISSING in the capture ! I'm not sure what is so difficult to understand about this
3. mask attack is explained here: https://hashcat.net/wiki/?id=mask_attack (any hard-coded string can be added to the mask directly, but any static prefix to masks will reduce speed by a lot)
hashcat -m 10 -a 3 -O -w 3 --hex-salt cbc5d1a36621e0f824f5491ae9cf172c:4d4e8bc54f3bcb860b224651a001db1a --increment _?d?d?d?d?d?d?d?d
DanielG already explained this. You must be also willing to read and learn/understand. We can't help you reading what we write here
.
4. The html code doesn't contain any hint of how the salt is generated on the server. It's probably a piece of code executed on the
server to generate random salts (what you called chap-id and chap-challenge above). You don't see this within the capture or html
code
something like this in javascript:
s='\115\116\213\305\117\073\313\206\013\042\106\121\240\001\333\032';r='';for(i=0;i<s.length;i++)r+=('0'+s.charCodeAt(i).toString(16)).slice(-2);console.log(r)
2. 8de6c4719419b4a9237acaeaa1a0e095 is a further "password=" hash within your tcp dump without any preceeding salt and md5Hex () javascript code. If the information is missing, you can't crack it of course. The salt must be known, it's not in the tcp dump. I explained this already. If we do not have any additional information about the salt we only know that it is a hash for which we miss the information required. The salt is MISSING in the capture ! I'm not sure what is so difficult to understand about this
3. mask attack is explained here: https://hashcat.net/wiki/?id=mask_attack (any hard-coded string can be added to the mask directly, but any static prefix to masks will reduce speed by a lot)
hashcat -m 10 -a 3 -O -w 3 --hex-salt cbc5d1a36621e0f824f5491ae9cf172c:4d4e8bc54f3bcb860b224651a001db1a --increment _?d?d?d?d?d?d?d?d
DanielG already explained this. You must be also willing to read and learn/understand. We can't help you reading what we write here
.
4. The html code doesn't contain any hint of how the salt is generated on the server. It's probably a piece of code executed on the
server to generate random salts (what you called chap-id and chap-challenge above). You don't see this within the capture or html
code