Hi,
I am attempting to recover a Linux user password, and in the decade since the last time I used jtr and hashcat things have changed on me. The system is using yescrypt, and I'm having difficulty reformatting the shadow line to match hashcat's format.
From the example hashes wiki page it needs to follow this format:
SCRYPT:16384:8:1:OTEyNzU0ODg=:Cc8SPjRH1hFQhuIPCdF51uNGtJ2aOY/isuoMlMUsJ8c=
The shadow hash has this this format: `$y$j9T$salt$hash`.
Following along with this SO answer the j9T should correspond to SCRYPT:182:4096:32:salt:hash. Using this line with mode -m 70200 results in a token length or encoding exception.
I also came across the format hash guidance wiki page, which mentions the difference between Linux hashes and the expected format for hashcat, but has TBD for a conversion tool.
I'd appreciate any troubleshooting advice.
I am attempting to recover a Linux user password, and in the decade since the last time I used jtr and hashcat things have changed on me. The system is using yescrypt, and I'm having difficulty reformatting the shadow line to match hashcat's format.
From the example hashes wiki page it needs to follow this format:
SCRYPT:16384:8:1:OTEyNzU0ODg=:Cc8SPjRH1hFQhuIPCdF51uNGtJ2aOY/isuoMlMUsJ8c=
The shadow hash has this this format: `$y$j9T$salt$hash`.
Following along with this SO answer the j9T should correspond to SCRYPT:182:4096:32:salt:hash. Using this line with mode -m 70200 results in a token length or encoding exception.
I also came across the format hash guidance wiki page, which mentions the difference between Linux hashes and the expected format for hashcat, but has TBD for a conversion tool.
I'd appreciate any troubleshooting advice.