09-22-2018, 12:39 PM
Hi Chick3nman, thank you!
That was a clear explanation of how that works. I'll have to generate some dummy hashes with unknown salts and try that method. Thank you again.
By the way, is there a method of trying to exhaust the keyspace for every single bit position? Suppose the salt is 8 bytes, can a wordlist be made to crack the salt and cover every bit pattern for 8 bytes? Maybe a bit more practical to start with, only two bytes of salt.
I tried with hash 41783537b301fdec86e230677f769d716dee21423a6028a3c5adf9cd8cf3a39f870ae9118af69bd843926139f645004a4504e332528dc2d5fe3495c15191c9ce
then a colon, then I thought, do I have to put in every possible 2 byte salt in format e.g.
41783537b301fdec86e230677f769d716dee21423a6028a3c5adf9cd8cf3a39f870ae9118af69bd843926139f645004a4504e332528dc2d5fe3495c15191c9ce:0x010xAB
or whatever the format is? I think it's just digits from the examples page, so to get all 2 byte bit patterns, would that be 0 - 66536? So to exhaust the salts, lines like this:
41783537b301fdec86e230677f769d716dee21423a6028a3c5adf9cd8cf3a39f870ae9118af69bd843926139f645004a4504e332528dc2d5fe3495c15191c9ce:00000
.. to ..
41783537b301fdec86e230677f769d716dee21423a6028a3c5adf9cd8cf3a39f870ae9118af69bd843926139f645004a4504e332528dc2d5fe3495c15191c9ce:65536
That's mode 1710, for sha512(pass . salt), so for 1720 where I reverse it, the known being the password and the unknown the salt for sha512(salt . pass), I would do something like this:
hashcat -a 3 -m 1720 ... hashes-in-some-format salt-list.in.txt
Still not sure how I would feed it into hashcat in a format it understands, if I want to crack a bunch of sha512 hashes where the passwords are known and I just want to find the salts...
That was a clear explanation of how that works. I'll have to generate some dummy hashes with unknown salts and try that method. Thank you again.
By the way, is there a method of trying to exhaust the keyspace for every single bit position? Suppose the salt is 8 bytes, can a wordlist be made to crack the salt and cover every bit pattern for 8 bytes? Maybe a bit more practical to start with, only two bytes of salt.
I tried with hash 41783537b301fdec86e230677f769d716dee21423a6028a3c5adf9cd8cf3a39f870ae9118af69bd843926139f645004a4504e332528dc2d5fe3495c15191c9ce
then a colon, then I thought, do I have to put in every possible 2 byte salt in format e.g.
41783537b301fdec86e230677f769d716dee21423a6028a3c5adf9cd8cf3a39f870ae9118af69bd843926139f645004a4504e332528dc2d5fe3495c15191c9ce:0x010xAB
or whatever the format is? I think it's just digits from the examples page, so to get all 2 byte bit patterns, would that be 0 - 66536? So to exhaust the salts, lines like this:
41783537b301fdec86e230677f769d716dee21423a6028a3c5adf9cd8cf3a39f870ae9118af69bd843926139f645004a4504e332528dc2d5fe3495c15191c9ce:00000
.. to ..
41783537b301fdec86e230677f769d716dee21423a6028a3c5adf9cd8cf3a39f870ae9118af69bd843926139f645004a4504e332528dc2d5fe3495c15191c9ce:65536
That's mode 1710, for sha512(pass . salt), so for 1720 where I reverse it, the known being the password and the unknown the salt for sha512(salt . pass), I would do something like this:
hashcat -a 3 -m 1720 ... hashes-in-some-format salt-list.in.txt
Still not sure how I would feed it into hashcat in a format it understands, if I want to crack a bunch of sha512 hashes where the passwords are known and I just want to find the salts...