bcrypt type assistance request
#3
Here's the problem: a bcrypt hash and a bcryptmd5 hash are completely, mathematically, indistinguishable *until* you crack them.

So, using the hashcat examples:

Code:
$2a$05$LhayLxezLhK1LhWvKxCyLOj0j1u.Kj0jZ0pEmm134uzrQlFvQJLF6
is a bcrypt hash for the plaintext "hashcat"

Code:
$2a$05$/VT2Xs2dMd8GJKfrXhjYP.DkTjOVrY12yDN7/6I8ZV0q/1lEohLru
is a bcryptmd5 hash for the plaintext "hashcat"

What this *really* means is: the plaintext "hashcat" is hashed with MD5, producing a hex value of 8743b52063cd84097a65d1633f5c74f5, and this hex value is then hashed by bcrypt, giving you a "bcryptmd5" hash value of $2a$05$/VT2Xs2dMd8GJKfrXhjYP.DkTjOVrY12yDN7/6I8ZV0q/1lEohLru

This isn't a "real" specified hash construction though, it's just an MD5 hash value being hashed *again* by bcrypt.

The hashcat modes for nested crypt hashes (bcryptmd5, etc) are merely there for our convenience, and you can, for example, break a bcryptmd5 hash using bcrypt (-m 3200) and supplying the MD5 hash hex value as your plaintext.

This is how you typically find out that a given group of hashes is in fact nested, when you start getting cracks that are 32 hex values (or 64, or 128 or whatever).

[quote="sorry_me_stupid" pid='59247' dateline='1695821802']
After like some days spent on bruteforcing bcrypt hashes with no positive result, using algorithm 3200, I have realised that algorithms

3200, 25600, 25800, 28400, 30600 have similar examples

All of them are 62 characters long, all of them use the same possible character lists, and none of them gives an error when the wrong attack mode is chosen.
For example, I am loading all those 5 hashes, choosing bcryptsha256 attack mode, and they are bruteforcing like everything is ok, but the wordlist word "hashcat" gives a positive result only for the correctly chosen attack mode, according to the algorithm.
So I am doing so much useless work.
Could someone help me, maybe there are some "secrets" and "tricks" which help recognizing the correct hashmode for bcrypt hashes?
hashes dot com says all of them are bcrypt unix 3200 mode, but that is not true



[quote]
That was an example list; maybe someone could show directly on the example here how we could differentiate bcrypt hashes
[/quote]
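The triage described in the post, as an added example that is not part of the original thread: it parses both example hashes to show that their bcrypt fields are identical, then flags cracked plaintexts whose alphabet and length match a hex digest. The function names and the two-line cracked-output sample are constructed here; the sample follows what the post says a -m 3200 run returns.

```python
import hashlib
import re

# bcrypt modular-crypt layout: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")

# Hex lengths of common inner digests. Length alone cannot name the exact
# algorithm, so the labels only say which digest size the plaintext resembles.
INNER_BY_HEX_LEN = {32: "md5-sized", 40: "sha1-sized", 64: "sha256-sized", 128: "sha512-sized"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def bcrypt_fields(h):
    """Return (variant, cost, salt_len, digest_len), or None if not bcrypt-shaped."""
    m = BCRYPT_RE.match(h)
    return (m.group(1), int(m.group(2)), len(m.group(3)), len(m.group(4))) if m else None


def nested_hint(plain):
    """Name the digest size a cracked plaintext resembles, or None for an ordinary one."""
    if HEX_RE.match(plain):
        return INNER_BY_HEX_LEN.get(len(plain))
    return None


def triage(cracked_lines):
    """Map each 'hash:plain' line to (hash, plain, hint); bcrypt hashes contain no ':'."""
    out = []
    for line in cracked_lines:
        h, _, plain = line.rstrip("\n").partition(":")
        if bcrypt_fields(h):
            out.append((h, plain, nested_hint(plain)))
    return out


# The two example hashes quoted in the post.
PLAIN_BCRYPT = "$2a$05$LhayLxezLhK1LhWvKxCyLOj0j1u.Kj0jZ0pEmm134uzrQlFvQJLF6"
BCRYPT_MD5 = "$2a$05$/VT2Xs2dMd8GJKfrXhjYP.DkTjOVrY12yDN7/6I8ZV0q/1lEohLru"
INNER = hashlib.md5(b"hashcat").hexdigest()  # the hex value that bcrypt actually hashed

# Constructed sample of the cracked output the post describes for a -m 3200 run.
SAMPLE = [PLAIN_BCRYPT + ":hashcat", BCRYPT_MD5 + ":" + INNER]

if __name__ == "__main__":
    print("same fields:", bcrypt_fields(PLAIN_BCRYPT) == bcrypt_fields(BCRYPT_MD5))
    for h, plain, hint in triage(SAMPLE):
        print(h[:12] + "...", plain, hint or "ordinary plaintext")
```

A hint is only a prompt to re-check the hash set against the matching nested mode; a user could also have chosen a 32-character hex string as a password.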


Messages In This Thread
RE: bcrypt type assistance request - by marc1n - 09-27-2023, 03:46 PM
RE: bcrypt type assistance request - by pdo - 09-27-2023, 04:05 PM