Noob asking for help MD5 ($salt.$pass)
#1
Hello,

some time ago I tested ocl-Hashcat for a brief while and actually managed to crack a hash. However, since then, I forgot a lot about how exactly I was able to do that.

I have a Linux MD5 right now ($salt.$pass) waiting to be cracked, but I want to be sure I am doing everything right.

NVIDIA GT 9400, cudahashcat 1.31 32-bit on Win, MD5 as above, brute-force only.

I remember reading somewhere that I have to convert the Linux MD5 password format to a hex one, so I used an online calculator to convert this:

root:$1$xxxxxxxx$xxx.XXXx.xxxXXXX:0:0::/root:/bin/sh

to that

xxxxxxx_salt_hex_xxxxxxx:xxxxxxxxxxx_pass_hex_xxxxxxxx

of course, only the "xxxxxxxx" and "xxx.XXXx.xxxXXXX" strings were taken into account when recalculating.

Next, I used the >cudahashcat32.exe -m 20 -a 3 passwd -o out.txt (MD5 salt.pass brute-force). Is the procedure above ok overall? Is Hashcat capable of processing /etc/passwd file directly, as John does?

Thanks in advance for your help.
#2
wait, you what?

just run it as $1$foo$bar with -m 500
#3
Thanks for the tip, tested and works - is the approach above (I mean the original one) completely wrong? It seems I did everything the 'around way' instead of a direct approach.

I got ~21k H/s using the -m 500 and about 27000k H/s using the -m 20. The former seems very slow compared to the MD5 oclHashcat benchmark I did (57000 kH/s). I guess I'm doing something wrong, just don't know what.

The 21kH/s command is:
cudahashcat32.exe -m 500 -a 3 $1$xxSALTxx$xxxxxPASSxxxxx -o found.txt

Thanks in advance for suggestions.
#4
-m 500 is an iterated algo, -m 20 is not and would not have worked.