MySQL Authentication challenge cracking
#1
Hello, I'm working on a CTF and had to do a MITM to intercept packets between a client and a database to steal data. I never used hashcat in an advanced way, so I'm pretty lost here.

The last step to get the flag is to find the password of the root user, all I have are the authentication packets containing the challenge hash and salt.

FYI, the SQL server sends a 20-byte "salt" to the client, who calculates the challenge hash and sends it to the server this way:
$hash = sha1($pass) ^ sha1($salt.sha1(sha1($pass)))
("^" being the XOR operator)

I have no clue about how to use hashcat in this case, is it even possible?

My second little question is that, since the salt is pure random bytes, most of it is just non-printable characters, how do I input it?
Reply
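The exchange described in the post, seen from both sides, as an added example that is not part of the original post: the client builds the token with the formula above, and the server checks it against the SHA1(SHA1(password)) value it stores for mysql_native_password accounts. The password and salt are constructed sample values, the function names are illustrative, and the 20-byte salt is treated as raw bytes and written in hex.

```python
import hashlib
import hmac


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stored_hash(password: bytes) -> bytes:
    """What the server keeps for the account: sha1(sha1(pass))."""
    return sha1(sha1(password))


def client_token(password: bytes, salt: bytes) -> bytes:
    """hash = sha1(pass) ^ sha1(salt . sha1(sha1(pass)))"""
    stage1 = sha1(password)
    return xor(stage1, sha1(salt + sha1(stage1)))


def server_verify(token: bytes, salt: bytes, stored: bytes) -> bool:
    """Undo the XOR with the server's own mask, then re-hash and compare."""
    if not (len(token) == len(salt) == len(stored) == 20):
        return False  # malformed packet: all three fields are 20 bytes
    candidate_stage1 = xor(token, sha1(salt + stored))  # sha1(pass) if genuine
    return hmac.compare_digest(sha1(candidate_stage1), stored)


if __name__ == "__main__":
    # Constructed sample values, not taken from any capture.
    salt = bytes.fromhex("01ff7f003a5c22e9b4d10a0d1b9e8833c0feed42")
    password = b"example-password"
    stored = stored_hash(password)

    token = client_token(password, salt)
    print("salt  :", salt.hex())
    print("token :", token.hex())
    print("accept:", server_verify(token, salt, stored))

    # The same token replayed against a fresh salt is rejected.
    fresh_salt = bytes(reversed(salt))
    print("replay:", server_verify(token, fresh_salt, stored))
```

The server never needs the plaintext password to verify the token, and every input except the password travels in the clear, which is why this exchange should run inside TLS.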


Messages In This Thread
MySQL Authentication challenge cracking - by NiwdEE - 10-30-2025, 08:13 PM