Trouble parsing Linux SHA512 hashes
#1
Quote:PS C:\Users\ansga\Downloads\hashcat-6.2.6> more pawnhash.txt
pawn:$y$j9T$7JNmy6SCVxovLtOaUKDqC1$bC9GtLzjBzrSFilsBhUxWkUB538Mml7rqkdR9.bR.l3:19298:0:99999:7:::

PS C:\Users\ansga\Downloads\hashcat-6.2.6> .\hashcat.exe -m 1800 -a 0 .\pawnhash.txt .\rockyou.lst
hashcat (v6.2.6) starting

.\pawnhash.txt: Byte Order Mark (BOM) was detected
Successfully initialized the NVIDIA main driver CUDA runtime library.

Failed to initialize NVIDIA RTC library.

* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
            CUDA SDK Toolkit required for proper device support and utilization.
            Falling back to OpenCL runtime.

* Device #1: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
OpenCL API (OpenCL 3.0 CUDA 12.0.70) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #1: NVIDIA GeForce GTX 1660 SUPER, 5440/6143 MB (1535 MB allocatable), 22MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashfile '.\pawnhash.txt' on line 1 (p): Token length exception
Failed to parse hashes using the 'shadow' format.

* Token length exception: 1/1 hashes
  This error happens if the wrong hash type is specified, if the hashes are
  malformed, or if input is otherwise not as expected (for example, if the
  --username option is used but no username is present)

No hashes loaded.

Started: Wed Nov 02 19:04:06 2022
Stopped: Wed Nov 02 19:04:07 2022

I have did that long time ago without any problems but know I can't get it to work somehow, what am I missing?
I don't understand this linux hashing tbh, my login.defs says it is SHA512 but SHA512 should be 128 length hex afaik.
Reply
#2
Just save pawnhash.txt again but without the BOM
Reply
#3
Quote:PS C:\Users\ansga\Downloads\hashcat-6.2.6> .\hashcat.exe -m 1800 -a 0 .\pawnhash3.txt .\rockyou.lst
hashcat (v6.2.6) starting

Successfully initialized the NVIDIA main driver CUDA runtime library.

Failed to initialize NVIDIA RTC library.

* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
            CUDA SDK Toolkit required for proper device support and utilization.
            Falling back to OpenCL runtime.

* Device #1: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
OpenCL API (OpenCL 3.0 CUDA 12.0.70) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #1: NVIDIA GeForce GTX 1660 SUPER, 5440/6143 MB (1535 MB allocatable), 22MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashfile '.\pawnhash3.txt' on line 1 (pawn:$...7rqkdR9.bR.l3:19298:0:99999:7:::): Token length exception

* Token length exception: 1/1 hashes
  This error happens if the wrong hash type is specified, if the hashes are
  malformed, or if input is otherwise not as expected (for example, if the
  --username option is used but no username is present)

No hashes loaded.

Started: Wed Nov 02 22:06:20 2022
Stopped: Wed Nov 02 22:06:21 2022
PS C:\Users\ansga\Downloads\hashcat-6.2.6> cat .\pawnhash3.txt
pawn:$y$j9T$7JNmy6SCVxovLtOaUKDqC1$bC9GtLzjBzrSFilsBhUxWkUB538Mml7rqkdR9.bR.l3:19298:0:99999:7:::

No BOM, still not working though
Reply
#4
You said it's SHA512, but it's not. It's yescrypt.
Reply
#5
(11-02-2022, 11:33 PM)atom Wrote: You said it's SHA512, but it's not. It's yescrypt.
Yeah I did mention that there is something odd about that cipher, 
login.defs says ENCRYPT_METHOD SHA512 but I'm a simple guy I can't tell one byte-mixer from another, I don't even know what this yescript is and how to deal with it with hashcat, this doesn't seem like something very popular yet it seems they did that as the implicit default encrypt method in The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)
Reply
#6
yescrypt is another hash which is currently not supported with hashcat. We will add support for it in a distant future when more distributions have switched to yescrypt.
Reply
#7
Yescrypt can be attacked using the scypt mode in John the Ripper.
Reply
#8
https://security.stackexchange.com/quest...t-yescrypt
"Starting from Debian 11 / bullseye yescrypt is the default password hash so this will also work on recent builds of Debian derivative The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)-rolling):"
Still waiting on `yescrypt` for hashcat, but this works for now.
`sudo unshadow /etc/passwd /etc/shadow > hashes`
`sudo john hashes --format=crypt`
Reply