09-22-2018, 10:02 AM
In the case of searching for a salt, have you tried just relabeling the parts? Swap salt and password values around in their fields to match the algorithm.
If i have md5($pass.$salt) and I know the salt, which is typically how this works, i could look at it as md5($unknown.$known). Hashcat attacks the unknown pieces, so that position would be the password in this case. But say i know the password and not the salt. If i try to use the algorithm md5($pass.$salt) the unknown position will be the password still, and hashcat wont understand. If i were to use the algorithm md5($salt.$pass) which is equivalent to md5($known.$unknown) I could place the password where i would normally place a salt, in the known position, and load it up that way. The position being attacked would be correct for my target since i'm attacking the right side position and not the left one.
If i have md5($pass.$salt) and I know the salt, which is typically how this works, i could look at it as md5($unknown.$known). Hashcat attacks the unknown pieces, so that position would be the password in this case. But say i know the password and not the salt. If i try to use the algorithm md5($pass.$salt) the unknown position will be the password still, and hashcat wont understand. If i were to use the algorithm md5($salt.$pass) which is equivalent to md5($known.$unknown) I could place the password where i would normally place a salt, in the known position, and load it up that way. The position being attacked would be correct for my target since i'm attacking the right side position and not the left one.