How to create a script that does the following....? (multiple hashings)
#1
I'll try to explain what i'm trying to accomplish as detailed as possible;



1) I have an unknown string with keyspace of 8 char alphanum

2) I also have a *partially* known string with a few characters that are unknown [E.G abcdefgh_UNKNOWNPART_ijklmno]

the unknown characters of the partially known string are the uppercase md5 digest of the unknown 8 char alphanum string mentioned above

3) I also have a known md5 digest to compare against



So in essence i have a partially known password string and am trying to bruteforce the unknown portion of it.


So i need to brute force the 8char alphanum with MD5, it needs to be done in the following way:


- md5 hash the unknown 8 char string (1) [keyspace 8 char alphanum]
- convert the resulting md5 digest to all uppercase
- insert the resulting uppercase md5 digest within the *partially* known string(2) mentioned earlier E.G 

(abcdefgh_UPPER_CASE_MD5_DIGEST_ijklmno)

- hash this new string with MD5

- Compare the md5 digest of this newly hashed string against our known md5 digest (3) mentioned earlier.


How can this be accomplished with Hashcat, natively?

How much slower will this be than the expected ~1/2 speed of MD5 cracking (Since we're doing md5 twice in one script)


Here is a live simple example




Code:
unknown alphanum string = ******

partially known string = abcdef********************************ghijkl

known md5 digest = 1fde66f0c18416f2f7aa94b87f856d66



if our "unknown string" is 12345678, then our partially known string would end up looking like

abcdef25D55AD283AA400AF464C76D713C07ADghijkl


Therefore :


md5(abcdef25D55AD283AA400AF464C76D713C07ADghijkl) = 1fde66f0c18416f2f7aa94b87f856d66
Reply
#2
I suppose your task can't be solved by script. You need specific module for using with hashcat:
md5($salt1.strtoupper(md5($pass)).$salt2)
And yes, this module will be twice slower in comparison with simple MD5.
Reply
#3
(01-26-2022, 06:20 AM)nick8606 Wrote: I suppose your task can't be solved by script. You need specific module for using with hashcat:
md5($salt1.strtoupper(md5($pass)).$salt2)
And yes, this module will be twice slower in comparison with simple MD5.

This makes sense.  Do you have any suggestions on how to develop this module?
Reply
#4
(01-26-2022, 07:20 AM)jmmanogsabju Wrote: Do you have any suggestions on how to develop this module?

Hashcat comes with sources and includes guide about new module development. All theory and a lot of examples are accessible. If you have experience in programming you can try to make your own module by yourself.
Reply