[Help] Joomla 1.5.X hash
#1
Question 
Ok so I have setup a pretty powerful system to play around with this now.
I installed joomla 1.5 on my local test server just so that I could grab the password hash of my administrator account. I set the password to 12345 to make it easy to recover.

The hash in the database is

Code:
cb60170b8a8a5cc410394b84a9851faf:C0NtAOGke5thmmHl4rKDGWKNFlbCLidq

I put it in a file called hash.list and ran HC with the following arguments

Code:
./cudaHashcat32.bin hash.list --increment -m 1 -1 ?d?u?l ?1?1?1?1 ?1?1?1?1

But for some reason it goes past the length of the password that I set, without recovering it.

Am I doing some obvious error? Huh

Thanks in advance Smile

#2
You need to either put your mask like this ?1?1?1?1 ?1 or put the increment switch so that it will try the length before the one you have set:

?1?1?1?1 ?1?1?1?1 is length 8 only
#3
(01-27-2011, 06:17 AM)mastercracker Wrote: You need to either put your mask like this ?1?1?1?1 ?1 or put the increment switch so that it will try the length before the one you have set:

?1?1?1?1 ?1?1?1?1 is length 8 only

Ah yes, but so much I know.

And if you look at the row that I posted above, I have used --increment with ?1?1?1?1 ?1?1?1?1.
Doesn't that mean that it will start low, and go up to the length of 8? Thus in theory it should have been able to crack my password, or? But it doesn't.
#4
32 byte salt is not supported since v0.24. max 31 byte.
#5
(01-27-2011, 10:50 AM)atom Wrote: 32 byte salt is not supported since v0.24. max 31 byte.

hmm alright.
For performance reasons I assume?

So can I use V0.23 to do this? Or does it have some other limitation?
Do I need to use older drivers maybe or something to get it working with the GTX480?
#6
Ok so I solved my problem now, so for future references, here's what I did.
I used HC V0.23 instead, and installed the Nvidia 256.53 drivers.
Thanks to that it managed to crack the password Smile

Thanks for the help guys Smile
#7
(01-27-2011, 05:16 PM)n190 Wrote: Ok so I solved my problem now, so for future references, here's what I did.
I used HC V0.23 instead, and installed the Nvidia 256.53 drivers.
Thanks to that it managed to crack the password Smile

Thanks for the help guys Smile

mate would you like to share the experience and what exactly did you typed? I mean the whole command you've typed to crack the password. I have hash from joomla 1.5 also and I was having troubles all day because i didnt know the exact parameters . Please share this information with me.

#8
(01-28-2011, 06:51 PM)maceface Wrote: mate would you like to share the experience and what exactly did you typed? I mean the whole command you've typed to crack the password. I have hash from joomla 1.5 also and I was having troubles all day because i didnt know the exact parameters . Please share this information with me.

Ah sorry I didn't see that you wrote here.
You should take some time to read the --help in the application to learn it by yourself, because it's not that hard Wink

But anyway, this is how I did it.
Place the password+hash in a file (hash.list for example), and make sure the pass is in this format:
passConfusedalt

Then run this command.

Code:
./oclHashcat32.bin hash.list --increment -m 1 -1 ?l?u?d ?1?1?1?1 ?1?1?1?1

This command says the following:
*Increment from min to max word length (starts at the min word length and goes to the one you defined) = --increment
*Set mode 1, which is md5(pass.salt) = -m 1
*Set custom charset to lower, upper and digits = -1 ?l?u?d
*Set the right and left mask to the total of 8 character length (max length with --increment basically, using the custom charset of -1 that you defined) = ?1?1?1?1 ?1?1?1?1

Hope this helps Smile

#9
(01-27-2011, 10:50 AM)atom Wrote: 32 byte salt is not supported since v0.24. max 31 byte.
I had not realized about that change. If it is solely a question of performance, I'd rather have lower performance and be able to crack all the hashes than being limited to a selected few. Joomla hashes often comes with a 32 chars salt and it's the only algorithm that I know that uses MD5($pass.$salt) so mode 1 would become obsolete. Is it feasible to reinstate that length?

#10
i forgot about the joomla effect. you are right, they have 32 bytes. i will bring it back in next version. but yeah, it will require an additional if () so the performance will drop a little bit. its hard to say (in numbers) how much my guess is not more than 5%.