09-07-2021, 12:33 AM
(This post was last modified: 09-07-2021, 12:39 AM by ColtMorgan. Edit Reason: adding syntax)
I am trying to use hashcat to attack the haveibeenpwned DB, the whole 27GB file, split up into sections of course. The issue is that the DB adds these appendages to the end of the sha1 hash. It's the number of times the password has appeared in a wordlist or such. So I basically need to be able to tell hashcat to ignore the salt on the end of a hash. I cannot seem to be able to find out how to do this. I know people have done it, I just can't seem to manage it. I imagine it is similar to telling hashcat to ignore the username on a hash.
I am not planning on using this maliciously or anything crazy. I just want to be able to see the plaintext passwords and compare them against my own. I would also like to be able to have a list that people can look at for bad examples. I work with a small ISP, and want to be able to show customers how to pick good passwords.
./hashcat64.exe --username -a 0 -m 100 -r ./rules/dive.rule haveibeenpwned/segmentaf.hash rockyou.txt -o haveibeenpwnedcracked.txt
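Added example, not part of the original post: for the stated goal of comparing your own passwords against the list, the file can be read directly by hashing each of your passwords with SHA-1 and looking up its occurrence count. It assumes each line is 40 hex characters, a colon, then the count; the function names and the sample lines are constructed for illustration.

```python
import hashlib
import re

# Assumed line format: <40 hex chars of SHA-1>:<occurrence count>
LINE_RE = re.compile(r"^([0-9A-Fa-f]{40}):(\d+)$")


def parse_line(line):
    """Return (sha1_hex_upper, count), or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return m.group(1).upper(), int(m.group(2))


def sha1_upper(password):
    """SHA-1 of the UTF-8 password, as uppercase hex."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def check_passwords(lines, passwords):
    """Map each of your own passwords to its listed count (0 = not listed).

    `lines` can be any iterable of strings, including an open file object,
    so a multi-gigabyte segment is streamed rather than loaded into memory.
    """
    wanted = {sha1_upper(p): p for p in passwords}
    result = {p: 0 for p in passwords}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip blank or damaged lines instead of failing
        digest, count = parsed
        if digest in wanted:
            result[wanted[digest]] = count
    return result


def build_sample():
    """Constructed sample lines; the counts are made up."""
    return [
        f"{sha1_upper('password')}:100",
        f"{sha1_upper('letmein').lower()}:42",  # lowercase hex is accepted too
        "not-a-hash-line",
    ]


if __name__ == "__main__":
    mine = ["password", "correct horse battery staple"]
    print(check_passwords(build_sample(), mine))
```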