08-08-2022, 03:48 PM
I am trying to figure out how to audit hashes created by codimd open source software. Does anyone have any suggestions about re-formatting the password hashes for hashcat input?
Based on the code it looks like they are using NMP Scrypt.kdf
e.g. https://github.com/hackmdio/codimd/blob/...ls/user.js
For example I created a local docker installation of codimd and created a few user accounts with password lower case "a". The corresponding password hashes are stored in the database user table.
736372797074000e00000008000000011ebbfa9c2fd52e92f40903bc74ca18c54713990e72e789779e099f635faf42fea5e77289edfaf53a861aa55bd1db8d7f7c0cadcaf2cdc940210635115b1804554a1956c7e6616d78846c458e55800d3b
736372797074000e00000008000000018fb85c39632adb2ba7d599adccb839f37cced14770f1e6a45e7bee8a240a6d7e4c7e2033b74c8a19445553e46ed9bbfe5c446798ea47962380f5293d27ce5c6fcfb7d3b46530642845a7efd0d7837e21
Does anyone have any ideas about how to wrangle this hash into a format that will be accepted as input for hashcat. I think the closest mode may be 8900.
Comments / tips are appreciated
Based on the code it looks like they are using NMP Scrypt.kdf
e.g. https://github.com/hackmdio/codimd/blob/...ls/user.js
For example I created a local docker installation of codimd and created a few user accounts with password lower case "a". The corresponding password hashes are stored in the database user table.
736372797074000e00000008000000011ebbfa9c2fd52e92f40903bc74ca18c54713990e72e789779e099f635faf42fea5e77289edfaf53a861aa55bd1db8d7f7c0cadcaf2cdc940210635115b1804554a1956c7e6616d78846c458e55800d3b
736372797074000e00000008000000018fb85c39632adb2ba7d599adccb839f37cced14770f1e6a45e7bee8a240a6d7e4c7e2033b74c8a19445553e46ed9bbfe5c446798ea47962380f5293d27ce5c6fcfb7d3b46530642845a7efd0d7837e21
Does anyone have any ideas about how to wrangle this hash into a format that will be accepted as input for hashcat. I think the closest mode may be 8900.
- It seems that I will need to base64 the salt and digest. Based on the code, I believe the current format is hex. I'm not sure if I will have to convert to binary before base64 encoding or not.
- I'm still not sure how to find / determine the salt. The hashes all share a common prefix so maybe they use a common salt such as uptime?
- I'm still trying to figure out how to determine the P,n,r for 8900 format e.g. SCRYPT:1024:1:1:
Comments / tips are appreciated