06-17-2013, 07:53 PM
The contents of my salt file is just usernames. How do I go about combining hashes and usernames?
SMF
|
06-17-2013, 07:53 PM
The contents of my salt file is just usernames. How do I go about combining hashes and usernames?
06-17-2013, 08:43 PM
We should really focus on the SMF problem here, what you are asking now is very trivial linux stuff. Anyway, paste this one-liner in your shell and you should see how it is combined. Add redirection at the end ( "> hash_0121.txt") to get the output into the hash_0121.txt text file that you can use later on
Code: while read hash;do while read salt;do echo $hash:$salt;done < smfMembers-top200.salt; done < smfMembers-top200.hash
06-17-2013, 09:11 PM
Let me restate my question, I believe the hashes are supposed to be salted w/ the usernames. I have hashes and I have usernames. What concerns me is that the example hash listed earlier has what appears to be $hash followed by a colon and a string of digits. Those digits don't seem to correspond to a username ...at least directly.
Should the usernames be filtered thru something like sha1sum before being tacked on to the end of the hash or should i have something like: 014f1ef02d52b27ae68670b119097d2309eb0d21omeUser (which is what I'd get if I performed the above command)? Sorry to linger on such (seemingly) basic steps.
06-17-2013, 09:25 PM
DOH! I somehow missed that whole "passwdSalt" field in the database.
It is just like I said... please believe me, you should append the salt to the hash (separating hash and salt w/ colons, the salt is a normal string, doesn't need to be in hex or something like that).
The above command solves all your problems (unlikely! maybe some of them ). Otherwise wait for -e support in 0.46 release. Thx It seems that you now have new info and can combine hash and salt directly, i.e. not each hash w/ every salt, but only the hash to the salt in question (same tuple in database). Therefore it makes no sense to generate the whole "hash file". Anyway you need to dump the database file into the correct format, which is again: hashalt And please: don't post always twice, instead update your previous post, as I did here!
06-17-2013, 10:13 PM
My apologies for the double-post. Other forums I participate in discourage the editing of posts so I'm reluctant for that reason.
With a file formatted like this: 56df57b48654c07c0803d4cfa3872eb1c863d038:adfd I chopped off the first 10 lines "head hashfile.txt >head.txt" (to get the first 10 hashes in a separate file for time's sake) and after adding a known password (of one of the hashes in head.txt) to the dictionary file, I ran: ../hashcat-cli32.bin -a0 -m121 -o results.txt -n8 --remove head.txt linked.dic and got: Recovered.: 0/10 hashes, 0/10 salts Looks like I've still got work to do.
06-18-2013, 03:21 PM
So, the correct format of the hashfile is $40-character-hash:$not-necessarily-lowercase-username.
Sorry I'm so thick, but at least I've got a better understanding from plugging away at it myself (w/ much appreciation for all the help & links provided!) Now I just have to figure out how to get ocl-hashcat working on this old linux box. |
« Next Oldest | Next Newest »
|