I personally don't like the idea of having software names there instead of the used storage algorithm. Let's say I have a wbb hash. It's not in the list. So let's look up what storage algorithm is used. Got it... Damn what software uses this storage algorithm too and is also listed? So leads me to another lookup (which may or may not be successful). Also if i know i have a md5(salt.pass). Was this like Joomla or like osc? Always confuse these two. I think you get it. Such a list can never be near to complete and therefore can be a bit frustrating.
I prefer a list like
btw, how about a "hash:plain" output format? With salts like in vb it can be kinda hard to tell where the salt ends and where the password starts.
can rules now be used in all available attack modes or is there a line missing in the output?
I prefer a list like
Code:
.
1 = md5(pass.salt) (e.g. Joomla)
2 = md5(salt.pass) (e.g. osCommerce, xt:Commerce)
...btw, how about a "hash:plain" output format? With salts like in vb it can be kinda hard to tell where the salt ends and where the password starts.
can rules now be used in all available attack modes or is there a line missing in the output?