SHA1 underscore salted ?
#1
Hi,

Is it possible to recover hashes created with :

Code:
$hash = sha1($user.'_'.strtoupper($pass));

(I know $user)

Thank you.
#2
Yeah, use -m 120, make the username_ the salt and mutate all passwords to be in uppercase.
Easy!
#3
just add an underscore to the end of each salt and use the 'u' rule.

Edit: aww, Rolf beat me to it.
#4
Oh yes, thank you.

For my curiosity, if the salt ends with ':', it's the same format ?
Code:
hash:salt:
#5
you mean a username that ends with a : ?
#6
i do not know if the string parser will be confused by the second : or not, too lazy to test, but if it is, you could always just use a hexsalt.
#7
It will not. You can have as many :'s as you want in a salt as long as you use the right -m.
#8
I mean the username is "MyUsername:"
I create a hashfile :
Code:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:MyUsername:

Should it work with -m 120 ?
#9
Lets say a username is "Jorgen" and the password is "narepanne" (the real password can be Narepanne, NarePanne and other case mutations, but it doesn't matter since the algo uppercases all the passwords).
This gives us the following hash: dc988c67372835f1156659e69b94d86e6c735e00.
To use this with any cats, you select -m 120 and put the hash in the following format in the hashfile:
dc988c67372835f1156659e69b94d86e6c735e00:Jorgen_
And, of course, use the rule u, or you'll be wasting time.

Now you know how to modify it to any example.
Also, if any cats find a colon in a salt, they treat it as a character, not separator, unless the hash has a username after the salt.
#10
Nice, thank you. It worked well Smile