03-25-2024, 10:11 AM
The SHA256Cng is just the OS 'fast' way of creating a sha256 hash. Nothing weird is happening in regards to BCrypt.
I think some parts of the code are missing that perhaps alter or change the salt or password. Using this basic .Net code I do not get the same result:
result: 3MSU+bx67fropKer+3n6xBNdtL5MMgVqtE0diKiyWc8= and not s+ILzfJ6MOymVTnmeQAa2iDEoEeRdlu0MmWnzyADlvU=
You can run it at https://dotnetfiddle.net/V9crKz
Perhaps somewhere in the code the pw is modified or represented in a different way. Without the rest of the code it is hard to know how to crack this sha256 hash.
I think some parts of the code are missing that perhaps alter or change the salt or password. Using this basic .Net code I do not get the same result:
Code:
using System;
using System.Security.Cryptography;
using System.Text;
public class Program
{
public static void Main()
{
byte[] salt = Convert.FromBase64String("3tKJrhwSwvp1TG0w");
byte[] pw = Convert.FromBase64String("aGFzaGNhdA=="); // string pw = "hashcat";
using (HashAlgorithm hA = (HashAlgorithm) new SHA256Cng())
Console.WriteLine( Convert.ToBase64String(hA.ComputeHash(Encoding.Unicode.GetBytes(salt + ":" + pw))) );
}
}result: 3MSU+bx67fropKer+3n6xBNdtL5MMgVqtE0diKiyWc8= and not s+ILzfJ6MOymVTnmeQAa2iDEoEeRdlu0MmWnzyADlvU=
You can run it at https://dotnetfiddle.net/V9crKz
Perhaps somewhere in the code the pw is modified or represented in a different way. Without the rest of the code it is hard to know how to crack this sha256 hash.