I tried the following schemes (with different iterations), but no luck:
I have added the python code to replicate if you want different schemes.
I used the 'default' password of admin from this script: https://gist.github.com/andrewmkhoury/da...50d4d83795
edit: had to change tabs into spaces because this forum removed the tabs
- most likely, sha_265(salt+password) then rehash the hash 1000 times
- most likely too, sha_265(password+salt) then rehash the hash 1000 times
- less likely sha_265(password) then rehash the hash 1000 times prepending salt every time
- less likely sha_265(password) then rehash the hash 1000 times appending salt every time
- even less likely sha_265(salt) then rehash the hash 1000 times prepending password every time
- even less likely sha_265(salt) then rehash the hash 1000 times appending password every time
- same scenario's as above, but instead of using the raw bytes from the hash, print it as 'hex string' (very unlikely)
I have added the python code to replicate if you want different schemes.
I used the 'default' password of admin from this script: https://gist.github.com/andrewmkhoury/da...50d4d83795
Code:
import hashlib
# {SHA-256}a9d4b340cb43807b-1000-33b8875ff3f9619e6ae984add262fb6b6f043e8ff9b065f4fb0863021aada275
# https://gist.github.com/andrewmkhoury/da868236e16a2415439b7750d4d83795, reset account admin to password admin
password = b'admin'
salt = bytearray.fromhex("a9d4b340cb43807b")
thehash = "33b8875ff3f9619e6ae984add262fb6b6f043e8ff9b065f4fb0863021aada275\n"
iterations = 1001
#most likely, sha_265(salt+password) then rehash the hash 1000 times
m = hashlib.sha256()
m.update(salt)
m.update(password)
for i in range(iterations):
m.update(m.digest())
print m.hexdigest()
print thehash
#most likely too, sha_265(password+salt) then rehash the hash 1000 times
m = hashlib.sha256()
m.update(password)
m.update(salt)
for i in range(iterations):
m.update(m.digest())
print m.hexdigest()
print thehash
#less likely sha_265(password) then rehash the hash 1000 times prepending salt every time
m = hashlib.sha256()
m.update(password)
for i in range(iterations):
m.update(salt)
m.update(m.digest())
print m.hexdigest()
print thehash
#less likely sha_265(password) then rehash the hash 1000 times appending salt every time
m = hashlib.sha256()
m.update(password)
for i in range(iterations):
m.update(m.digest())
m.update(salt)
print m.hexdigest()
print thehash
#even less likely sha_265(salt) then rehash the hash 1000 times prepending password every time
m = hashlib.sha256()
m.update(salt)
for i in range(iterations):
m.update(password)
m.update(m.digest())
print m.hexdigest()
print thehash
#even less likely sha_265(salt) then rehash the hash 1000 times appending password every time
m = hashlib.sha256()
m.update(salt)
for i in range(iterations):
m.update(m.digest())
m.update(password)
print m.hexdigest()
print thehash
#from here the same scenario's as above, but instead of using the raw bytes from the hash, print it as 'hex string' (very unlikely)
m = hashlib.sha256()
m.update(salt)
m.update(password)
for i in range(iterations):
m.update(m.hexdigest())
print m.hexdigest()
print thehash
m = hashlib.sha256()
m.update(password)
m.update(salt)
for i in range(iterations):
m.update(m.hexdigest())
print m.hexdigest()
print thehash
m = hashlib.sha256()
m.update(password)
for i in range(iterations):
m.update(salt)
m.update(m.hexdigest())
print m.hexdigest()
print thehash
m = hashlib.sha256()
m.update(password)
for i in range(iterations):
m.update(m.hexdigest())
m.update(salt)
print m.hexdigest()
print thehash
m = hashlib.sha256()
m.update(salt)
for i in range(iterations):
m.update(password)
m.update(m.hexdigest())
print m.hexdigest()
print thehash
m = hashlib.sha256()
m.update(salt)
for i in range(iterations):
m.update(m.hexdigest())
m.update(password)
print m.hexdigest()
print thehashedit: had to change tabs into spaces because this forum removed the tabs