05-03-2023, 12:17 PM
(This post was last modified: 05-03-2023, 06:53 PM by Chick3nman.)
Hello, I have two different SHA-1 (raw) hashes from a CTF game:
Both hashes were cracked on the server onlinehashcrack.com as "tapinak" (without quotes, both passwords were marked as seven chars long so no white spaces are present).
I have no problem understanding the first hash, because of:
I have a feeling that the encoding is the problem regarding the second hash, but I have no idea how to get that hash from the word "tapinak". Trying several encoding (windows-1250, utf-7, unicode, ISO-8859-2, ...) I always get the hash starting 24109... with some exceptions (below) but no hash starts with 63BBC0...:
What am I overlooking? Any obscure encoding or it has nothing to do with encoding? Using hashcat I can crack only the first hash starting with 24109... (wordlist attack, brute-force attack) so how to tweak the hashcat parameters to be able to crack the second hash if I already know the password from the server onlinehashcrack.com? The same result with John The Ripper, it can crack only the first hash...
Thank you in advance for your help.
- 2410911A7F9B916388D5782CA2F75488BFA*****
- 63BBC0E1CF5FB647B51CC8C95A82BA30D05*****
Both hashes were cracked on the server onlinehashcrack.com as "tapinak" (without quotes, both passwords were marked as seven chars long so no white spaces are present).
I have no problem understanding the first hash, because of:
Code:
IN: echo -n tapinak | openssl sha1
OUT: SHA1(stdin)= 2410911a7f9b916388d5782ca2f75488bfa*****I have a feeling that the encoding is the problem regarding the second hash, but I have no idea how to get that hash from the word "tapinak". Trying several encoding (windows-1250, utf-7, unicode, ISO-8859-2, ...) I always get the hash starting 24109... with some exceptions (below) but no hash starts with 63BBC0...:
Code:
IN: echo -n tapinak | iconv -t utf16le | openssl sha1
OUT: (stdin)= cb7d3774892aab8cafa90a34b2ae47cce65*****
IN: echo -n tapinak | iconv -t utf16be | openssl sha1
OUT: (stdin)= f2d090da947a8b9bbe1dcf82beba8d8493b*****What am I overlooking? Any obscure encoding or it has nothing to do with encoding? Using hashcat I can crack only the first hash starting with 24109... (wordlist attack, brute-force attack) so how to tweak the hashcat parameters to be able to crack the second hash if I already know the password from the server onlinehashcrack.com? The same result with John The Ripper, it can crack only the first hash...
Thank you in advance for your help.