(10-01-2022, 11:30 AM)meow Wrote: I tried with a command like this:
Code:hashcat -m 3200 -a 0 -O $2a$05$LhayLxezLhK1LhWvKxCyLOj0j1u.Kj0jZ0pEmm134uzrQlFvQJLF6 ./wordlist
3. Is this the expected format for bcrypt hash parameter?
Yes and no. Yes, if used in a file. No, if used on the command line.
(10-01-2022, 11:30 AM)meow Wrote: 4. Am I allowed to supply the parameter inline on the terminal like this or do I have to use a file for input?
I have always wondered why Hashcat users create a file just to store a single hash. Is there any reasonable explanation for this? This seems like something you would only want to do when you want to work on two or more hashes.
Yes, you can supply the hash in the command line.
See the help section for a hint:
Code:
Usage: hashcat [options]... hash|hashfile|hccapxfile [dictionary|mask|directory]...
What the help section doesn't give away is that for certain hashes, the command will fail if you supply the hash directly in terminal, on the command line, and your hash contains chars that Hashcat can choke on and you don't format the string correctly to avoid this choking hazard.
As it turns out – in my best ability to understand this – this is exactly the reason why users prefer to use a file, or have simply learned to default to (they don't know a better way) when supplying the hash:
(10-01-2022, 11:30 AM)meow Wrote: The command failed with this error:
Code:Hash 'j0j1u.Kj0jZ0pEmm134uzrQlFvQJLF6': Separator unmatched
No hashes loaded.
More on this in comments below.
(10-01-2022, 11:30 AM)meow Wrote: 7. What separator matching is it looking for?
This is the 31 char of the string (see above). Although mine doesn't look like this, this is where it's at. Mine includes "/" chars, one at the beginning and one somewhere in the middle or so. Is this throwing off Hashcat in any way? Is it problematic to have these slashes in the string, and do I need to escape them?
I still don't fully understand why it's matching separators or what kind of "separator" it fails to match. But I do know for sure now that something was indeed throwing off Hashcat, and that something is not the slash or slashes, but the dollar chars! As explained by Royce here: https://hashcat.net/forum/thread-8223-po...l#pid44115
Royce suggested escaping the dollar matching by enclosing them in single quote chars. Although I was unable to get lucky with this. Just how do you format it then? Let's have an example please?
But I was able to work my way around this by using a file for input, instead of supplying the hash directly on the command line, even if it's only one hash inside.
(10-01-2022, 11:30 AM)meow Wrote: 5. How can I tell Hashcat how long my password is or to tell it what the password is and have it try that?
I have typed in my password in cleartext in the "wordlist" file. Is that the right way to do it?
I still don't know how to tell Hashcat how long my password is. This is what masks are used for, right? I have not explored masks much and I'm still getting used to this weird syntax.
As for the second part of the question, yes, that's one way to tell Hashcat what the password is or might be and have it try that. You add the password candidate or candidates to a file, often called a "dictionary" or a "wordlist". You also have to specify "straight" as attack mode (another word for dictionary or wordlist).
Following questions still remain. Feel free to pitch in.
(10-01-2022, 11:30 AM)meow Wrote: For the sake of example, it looks something like this:
Code:$2a$05$LhayLxezLhK1LhWvKxCyLOj0j1u.Kj0jZ0pEmm134uzrQlFvQJLF6
No need to google this, this is not my actual hash. I took this from Hashcat example list. Mine is a 2y variant with cost of 10.
1. The first 22 chars (after last dollar) is salt?
2. The remaining 31 chars is blowfish hash?
I requested optimized kernel but got none:
Optimized kernel requested, but not available or not required
6. Is there any list of optimized kernels that Hashcat supports?
Lastly, my hash included additional colon separated bits, ending with semicolon. Something like this:
Code:$2a$05$LhayLxezLhK1LhWvKxCyLOj0j1u.Kj0jZ0pEmm134uzrQlFvQJLF6:01234567890123456789:012345678;
8. What is the significance of these last bits and should they be included in input?
I would appreciate your help with this.