How to crack a bcrypt hash with salt?
#1
Hello! I am learning how to use Hashcat to crack different types of passwords. I hope someone here can help me. I cannot find anything online so I made an account on this forum just to ask this. I have a bcrypt hash with a known salt. How would I go about cracking it? Where do I tell Hashcat I have a salt for it to use? And am I using the right hash mode? I was thinking about using 3200 but not 100% sure it's the right one to use. If you need more information from me to help solve this problem just ask, I'll reply to you.
#2
hashcat detects and uses the salt automatically. Simply pass the hash on the command line (may need to single-quote the dollar signs). It's mode 3200 (unless it's a nested hash of some kind). So hashcat -m 3200 'hash', along with what attack you want (straight wordlist (-a 0) is probably what you'd want with a slow hash).
~
#3
(03-02-2022, 12:38 AM)royce Wrote: hashcat detects and uses the salt automatically. 

For all hash-modes? Or only for 3200?
So, you don't need to pass the salt to Hashcat, even if you know that particular salt?

Below is the example hash from https://hashcat.net/wiki/doku.php?id=example_hashes

Code:
C:\hashcat-6.2.5>hashcat.exe  -a 3  -m 3200  "$2a$05$LhayLxezLhK1LhWvKxCyLOj0j1u.Kj0jZ0pEmm134uzrQlFvQJLF6"  "hashcat"

hashcat (v6.2.5) starting

OpenCL API (OpenCL 2.1 WINDOWS) - Platform #1 [Intel(R) Corporation]
====================================================================
* Device #1: Intel(R) Celeron(R) CPU 1005M @ 1.90GHz, 8103/16270 MB (2033 MB allocatable), 2MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 72

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.

Host memory required for this attack: 0 MB

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

$2a$05$LhayLxezLhK1LhWvKxCyLOj0j1u.Kj0jZ0pEmm134uzrQlFvQJLF6:hashcat

Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 3200 (bcrypt $2*$, Blowfish (Unix))
Hash.Target......: $2a$05$LhayLxezLhK1LhWvKxCyLOj0j1u.Kj0jZ0pEmm134uzr...vQJLF6
Time.Started.....: Wed Mar 02 09:51:15 2022 (0 secs)
Time.Estimated...: Wed Mar 02 09:51:15 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: hashcat [7]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:      253 H/s (3.52ms) @ Accel:2 Loops:32 Thr:1 Vec:1
Recovered........: 1/1 (100.00%) Digests
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-32
Candidate.Engine.: Device Generator
Candidates.#1....: hashcat -> hashcat

Started: Wed Mar 02 09:50:59 2022
Stopped: Wed Mar 02 09:51:17 2022
#4
If the salt is already in the hash, it will automatically be used, for all hash types.

If the salt is not already in the hash, you can supply it on the command line.
~
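
Added example, not part of any post in this thread: a small Python parser showing where the salt sits inside a bcrypt string, which is why mode 3200 needs no separate salt argument. It uses the example hash quoted in post #3; the names parse_bcrypt and BcryptFields are made up for this illustration.

```python
import base64
import re
from typing import NamedTuple

# bcrypt uses its own base64 alphabet (it starts with "./"), not the RFC 4648 one.
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
TO_STD = str.maketrans(BCRYPT_B64, STD_B64)

# Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>  (60 chars total)
BCRYPT_RE = re.compile(
    r"\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)


class BcryptFields(NamedTuple):
    version: str      # "2a", "2b", "2x" or "2y"
    cost: int         # log2 of the work factor
    rounds: int       # 2**cost key-expansion rounds
    salt_b64: str     # salt exactly as it appears in the hash string
    salt: bytes       # the same salt decoded to its 16 raw bytes
    digest_b64: str   # the password-dependent part


def parse_bcrypt(hash_str: str) -> BcryptFields:
    """Split a bcrypt string into its fields; raise ValueError if malformed."""
    m = BCRYPT_RE.fullmatch(hash_str.strip())
    if m is None:
        raise ValueError("not a bcrypt string in $2a/$2b/$2x/$2y format")
    version, cost_s, salt_b64, digest_b64 = m.groups()
    cost = int(cost_s)
    if not 4 <= cost <= 31:
        raise ValueError(f"cost {cost} is outside bcrypt's 4..31 range")
    # 22 chars carry 132 bits; 128 of them are the salt. Pad to decode as base64.
    salt = base64.b64decode(salt_b64.translate(TO_STD) + "==")
    return BcryptFields(version, cost, 1 << cost, salt_b64, salt, digest_b64)


# Example hash from post #3 (taken from the hashcat example_hashes wiki page).
EXAMPLE = "$2a$05$LhayLxezLhK1LhWvKxCyLOj0j1u.Kj0jZ0pEmm134uzrQlFvQJLF6"

if __name__ == "__main__":
    f = parse_bcrypt(EXAMPLE)
    print(f"version={f.version} cost={f.cost} rounds={f.rounds}")
    print(f"salt={f.salt_b64} ({len(f.salt)} bytes) digest={f.digest_b64}")
```

For the example hash, cost 05 gives 32 rounds, which lines up with the "Iteration:0-32" field in the status output above.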