sha512 find password with known pass and salt
#1
Hello,

i tried to find passwords with known pass, salt and i know that it uses sha512
I think i need to use the hash type -m 1710 sha512($pass.$salt) but i'm just guessing
As far as I understand, I have to create two files, one for the pass and one for the salt part but i'm not sure how to run the command.

I've tried following

c:\Temp\hashcat-6.2.6>hashcat.exe -m 1710 hashes\word.txt hashes\solve.txt
hashcat (v6.2.6) starting

OpenCL API (OpenCL 3.0 ) - Platform #1 [Intel(R) Corporation]
=============================================================
* Device #1: Intel(R) Iris(R) Xe Graphics, 6432/12981 MB (2047 MB allocatable), 96MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Minimim salt length supported by kernel: 0
Maximum salt length supported by kernel: 256

Hashfile 'hashes\word.txt' on line 1 (********): Separator unmatched
No hashes loaded.

Started: Tue Feb 07 16:33:18 2023
Stopped: Tue Feb 07 16:33:19 2023


Can anybody point me to the right direction?
Thank you
Reply
#2
Progress, someone replied to my post but the reply was deleted after a few seconds/minutes, thanks anyway!

I've put the pass (?hash?) and the salt in one txt file like this pass:salt and run the command again, hashcat tried to recover the password but failed. 2 ATTENTIN messages where displayed during the process
ATTENTION! Pure (unoptimized) backend kernels selected.

Pure kernels can crack longer passwords, but drastically reduce performance.
If you want to switch to optimized kernels, append -O to your commandline.
See the above message to find out about the exact limits.

and this
ATTENTION! Read timeout in stdin mode. Password candidates input is too slow:

* Are you sure you are using the correct attack mode (--attack-mode or -a)?
* Are you sure you want to use input from standard input (stdin)?
* If using stdin, are you sure it is working correctly, and is fast enough?

along with one abort message
No password candidates received in stdin mode, aborting

Did i do something else wrong?
The pass consists of 128 characters all of which are upper case letters and numbers
The salt consists of 64 characters containing lower and upper case letters, numbers and special characters including colon

The passwords i need to recover are from a filezilla server, the previously responsible technician failed to document the passwords.
Reply
#3
well i dont get your point, you wrote:
Quote:"i tried to find passwords with known pass, salt and i know that it uses sha512"

when you already know the pass aka password and salt you already have your password???

when you are talking about hash:salt, put hash:salt into a file (input) and run hashcat like

hashcat -a0 -m1710 input dictionary-file
OR
hashcat -a3 -m1710 input bruteforce-mask

please see the dokumentation https://hashcat.net/wiki/doku.php?id=hashcat and given examples
Reply