Possible to use hashcat to convert password list to hex on the fly?
#1
Got a plain sha256 hash that I need to crack. Password is between 6 and 16 character long, and if pwd length is less than 16, the pwd is padded with zero-bytes. So the passwords are generated as following:
Code:
pwd = "SomePwd"
hash = sha256(pwd[:16].encode('ascii')+b'\x00'*(16-len(pwd[:16])))

It's easy to solve this using brute force mode (-a 3) and adding the --hex-charset flag. The password rules for the application the hash comes from makes it unfeasible to try brute forcing lengths greater than 8, thus once that job finish I need to jump over to word lists and rules, and this is where I hit the wall using hashcat. 

Using python to do the padding and converting to hex and feeding the passwords to hashcat works (e.g. python3 modifypw.py | hashcat -m 1400 hash.txt --hex-wordlist - where modifypw.py is just a script that reads the word list, do the necessary modifications and prints hexlified pwd that can be piped to hashcat), but this is/seem to be a bit slow and I was hoping it maybe could be solved using hashcat logic itself to (maybe) speed it up. However, I can't seem to figure this one out.

I can of course convert all the wordlists I want to test to hex prior to running the dictionary attack and it might be what I'll end up doing (and using either rules to emulate a hybrid attack for taking care of the zero-padding or just running a hybrid attack where I ensure to add enough zero bytes depending on the current pwd lengths I'm testing).

If I can't use hashcat to do this conversion to hex, any suggestions for something that might be a bit faster than using python for piping the (hexlified) dictionaries to hashcat?
#2
rules.... just append with the append rule $\x00 16 times and then truncate the password

my.rule
Code:
$\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 'G

The problem here might only be, what should happen with passwords longer than 16 ? but I guess these aren't that common (of course this depends on the user base).

for mask attacks, you can use the hashcat mask file support (.hcmask): all lines within your hcmask file have a mask with a mask length of exactly 16 bytes (also see --hex-charset option etc). see https://hashcat.net/wiki/doku.php?id=mas...mask_files and https://hashcat.net/faq#what_is_a_hashcat_mask_file
#3
(09-20-2021, 05:40 PM)philsmd Wrote: rules.... just append with the append rule $\x00 16 times and then truncate the password

my.rule
Code:
$\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 $\x00 'G

The problem here might only be, what should happen with passwords longer than 16 ? but I guess these aren't that common (of course this depends on the user base).

for mask attacks, you can use the hashcat mask file support (.hcmask): all lines within your hcmask file have a mask with a mask length of exactly 16 bytes (also see --hex-charset option etc). see https://hashcat.net/wiki/doku.php?id=mas...mask_files and https://hashcat.net/faq#what_is_a_hashcat_mask_file


Thanks for the feedback, tried again now with a test hash and for some reason it worked now, so maybe I had some typos in my first attempt that I didn't see, or if I had the --hex-wordlist flag included when I shouldn't or something similar, argh. 

For my first attempt I used a rule $\x00 Z9 'G which failed, but I probably overlooked something. Typical picnic-situation going on here ("problem in char, not in computer"), haha!

As for pw > 16, it's not possible in the SW, so truncating at 16 is good. 

Update; tried again on my other machine (#1) and it failed. On machine #1 I used --hex-charset with the rule and it failed, but on the machine (#2) I'm writing this on I used --hex-charset and it worked. Tried removing --hex-charset on machine #1 and then it worked with the sample hash, same thing on machine #2, so a bit confused why it works both with and without using --hex-charset on machine #2, whereas on machine #1 it only works without using --hex-charset.

Hopefully final update; same on both machines now, but it seems like what makes the different results appear is the password candidate. Before testing with the same hashes on both machines I had the hash for the word "panini" on machine #1 and "Abracadabra2020" on machine #2. And with "Abracadabra2020" hashcat could crack the hash both with and without using --hex-charset, but when trying to crack the hash for "panini", it can only be done without --hex-charset. So basically, no need to use --hex-charset, but I think that's where my confusion originated from.

Anways, I consider this solved now. Thanks again, philsmd.