Need help with redmine hashes
#1
Greetings All,

I am a total hashcat newbie As I am running Redmine on my server and I wanted to perform a security audit to see if I could crack some passwords of my users. I realized that hashcat 0.47 supports redmine hashes.

I just do not know what the right syntax to use? and how should i put redmine's passwords and salts? would it be like passConfusedalt ?

Any tips would be highly appreciated.
Thanks
#2
https://hashcat.net/wiki/
#3
Thank you, i have checked the wiki and viewed its exampls.

I ran
Code:
hashcat-cli64.exe -m 7600 pass.txt common-pass2.txt -o cracked.txt

and i got:
Code:
unknown hash_mode: 7600

Would you advice?
#4
I don't know which hashtype you want to crack, but i can say you, that -m 7600 doesn't exists.
Look here and search for your hashtype : https://hashcat.net/wiki/doku.php?id=example_hashes
#5
(02-05-2014, 04:42 PM)TrAnn3l Wrote: I don't know which hashtype you want to crack, but i can say you, that -m 7600 doesn't exists.
Look here and search for your hashtype : https://hashcat.net/wiki/doku.php?id=example_hashes

look again
#6
I can confirm that there was a slight problem w/ the hash type number of redmine hashes...
Next version will work w/ -m 7600 but it doesn't work w/ current release version because of that slight hash type numbering problem.

I added a sample hash to the wiki: http://hashcat.net/wiki/doku.php?id=example_hashes
The algo is btw: sha1 ($salt . sha1 ($pass))

Next release will include the fix.

Thx for reporting @boxed
#7
Thank you all for the tips and hints. And will be waiting for the new release.