Posts: 11
Threads: 3
Joined: Aug 2022
Is there a utility to create a hashes from cleartext passwords? (Hashcat in reverse).
I have a large list of recovered passwords in one format (sha1) that I would like to create hashes for in other formats such as NTLM, sha256, etc. where salts are not used (obviously). I could script this in bash or python for some hashes, but this is inefficient and has limited hash type support compared to hashcat.
is there a capability / tool to perform this procedure?
thanks,
example: Given the password "P@ssw0rd"
-- the SHA1 is: 21bd12dc183f740ee76f27b78eb39c8ad972a757
# convert to sha256
echo -n "P@ssw0rd" | sha256sum
b03ddf3ca2e714a6548e7495e2a03f5e824eaac9837cd7f159c67b90fb4b7342
#convert to md5
echo -n "P@ssw0rd" | md5sum
161ebd7d45089b3446ee4e0d86dbcf92
Posts: 180
Threads: 0
Joined: Nov 2017
"could script this in bash or python for some hashes, but this is inefficient and has limited hash type support compared to hashcat."
You could do every hash / type that Hashcat has in Python. The question is just: Why?
Posts: 11
Threads: 3
Joined: Aug 2022
(03-12-2024, 09:58 AM)DanielG Wrote: You could do every hash / type that Hashcat has in Python. The question is just: Why?
Yes, I 'could' recreate all the hash logic, but existing libraries have limited algorithm support.
As to why:
-- rapid audit of client environments during red-teaming, meeting the requirements not to reveal clear-text credentials (yes, you could do a A=B and B=C so A=C exercise, but this meets most requirements)
-- simplified data integration into products with specific hashing requirements
-- etc.
Posts: 180
Threads: 0
Joined: Nov 2017
Okay fair enough. I tried looking around but I could not find a pre made tool that creates lists of different hashes from a wordlists. I'm afraid you'll need to define the hash types you want and get a custom tool/script made or make it yourself.
Posts: 825
Threads: 15
Joined: Sep 2017
03-12-2024, 05:44 PM
(This post was last modified: 03-12-2024, 05:45 PM by Snoopy.)
do you want to build some kind of rainbowtable?
a script solution ala python/bash may seem slow, but you just need to run its once per inputfile so it seems a legit way to get your desired lists, you can store the result in different ways
or do you want a inmemory solution, generating all hashes on the fly?
i did a fast test with python and sha256:
generating 1.000.000 hashes in 1.84 seconds, so ~ 500.000 per second, i think this is fast enough for any inputfile
the only limiting factor is RAM (when you want to work inram, or storage io and storage) the main problem will be writing to disk or storing that amount of data (there is a reason rainbowtables are considered obsolete)
i think pythons hashlib will cover most used hashformats for your case, so i would stick with a python script
Posts: 11
Threads: 3
Joined: Aug 2022
Thanks all. This will not be updated all that frequently (monthly i'd guess), so I think python it is. As mentioned, most common cases can be handled by hashlib.
No need for in-memory or rainbow tables (which are mostly useless given modern GPUs). Not trying to recreate a broken wheel
Posts: 11
Threads: 3
Joined: Aug 2022
If anyone is interested I created the script and posted a copy to pastebin:
https://pastebin.com/uQcK3V1h
