Can't crack salted hash generated by ruby AuthlogicSha512 library
#6
(03-23-2022, 02:27 PM)Dzam Wrote:
(03-22-2022, 03:00 PM)Snoopy Wrote: there is actually no mode (i think) in hashcat supporting this style of hash

Actually, I found some examples here.
This one for instance.

Code:
7400 sha256crypt $5$, SHA256 (Unix) 2 $5$rounds=5000$GX7BopJZJxPc/KEK$le16UF8I2Anb.rOrn22AUPWvzUETDGefUmAV8AZkGcD

And I tried it like this:
Code:
$6$rounds=20$salt$hash
But I had an error "Token length exception"
I already cloned the source code and I'll try to figure it out or maybe add a new method that lets me crack such hashes.

yeah but there are still some problems, which will be the reasons you will need a new module

your provided output is salt.length=20 and hash.length=128

the module 1800 (the unix-style sha512crypt) is built with this linux/unix style hash in mind which has the following defaults and restrictions

salt.length is 8-16, this leads to the first problem, your salt is 20 and therefore too long (token length exception)

rounds defaults to 5000, but has to be minimum 1000 (although i didn't see this anywhere in the module, so 20 should be fine)

BUT output.hash of mode 1800 sha512crypt is exactly 86 chars long (this is fixed by this hashing standard), your output is 128 -> plain sha512 length, also resulting in a token length exception

your hash is plain sha512, generated by pw with salt, so the nearest module is still 1700 or 1710 but these modules lack the ability of adding rounds

when looking for a workaround i stumbled around with mkpasswd and openssl from linux but any one of these has limitations such as round>=1000 or they cannot be fed with rounds

so jfyi

i did some quick'n'dirty python script, it's more or less the ruby code just for python (tested it with your input and was able to reproduce your hash)

i used timeit to test how long this script will run when feeding with plain numbers from 1-100.000, this took
Code:
[5.271704000000001, 5.239788600000001, 5.2361591999999995, 5.285123599999999, 5.324203600000001]

so the "hashingrate" of script would be around 18.800 H/s, this is plain, i didn't use anything to parallelize the work like python multiprocessing, multithreading


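The mismatch described in the post above, as an added example that is not part of the original thread and is not Snoopy's script: it builds a stretched, salted SHA-512 digest and checks the resulting `$6$rounds=N$salt$hash` line against the two sha512crypt limits the post names (salt at most 16 characters, hash exactly 86). The scheme itself (hex SHA-512 of password followed by salt, with the hex text re-hashed on each round), the function names, and the sample password and salt are assumptions made for illustration.

```python
import hashlib

SHA512CRYPT_SALT_MAX = 16  # upper salt limit named in the post for mode 1800
SHA512CRYPT_HASH_LEN = 86  # fixed sha512crypt hash length named in the post
STRETCHES = 20             # rounds value used in the thread


def stretched_sha512(password, salt, stretches=STRETCHES):
    """Assumed scheme: SHA-512 over password+salt, re-hashing the hex text each round."""
    digest = password + salt
    for _ in range(stretches):
        digest = hashlib.sha512(digest.encode("utf-8")).hexdigest()
    return digest


def mode_1800_problems(line):
    """Return the reasons a $6$rounds=N$salt$hash line breaks the sha512crypt limits."""
    parts = line.split("$")  # expected: ['', '6', 'rounds=N', salt, hash]
    if len(parts) != 5 or parts[1] != "6" or not parts[2].startswith("rounds="):
        return ["not in $6$rounds=N$salt$hash form"]
    salt, digest = parts[3], parts[4]
    problems = []
    if len(salt) > SHA512CRYPT_SALT_MAX:
        problems.append("salt is %d chars, limit is %d" % (len(salt), SHA512CRYPT_SALT_MAX))
    if len(digest) != SHA512CRYPT_HASH_LEN:
        problems.append("hash is %d chars, expected %d" % (len(digest), SHA512CRYPT_HASH_LEN))
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    salt = "A1b2C3d4E5f6G7h8I9j0"  # 20 characters, like the salt discussed
    digest = stretched_sha512("example-password", salt)
    line = "$6$rounds=%d$%s$%s" % (STRETCHES, salt, digest)
    print(len(digest), "hex chars")  # plain SHA-512 hex length
    for problem in mode_1800_problems(line):
        print("token length exception:", problem)
```

Twenty rounds of a fast hash add almost no cost per guess, which is why the single-threaded rate quoted in the post is already in the tens of thousands per second.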
Messages In This Thread
RE: Can't crack salted hash generated by ruby AuthlogicSha512 library - by Snoopy - 03-23-2022, 07:13 PM