SHA1 Customized Algorithm
#1
Hello Guys,

I will try to keep this Question short.

I am running a GameServer which uses SHA1 Password Encryption.
The Salt of the SHA1 Hash is the Uppercase Username.
I now have a Mysql Database running that i would extract the usernames and the passwords of.
I now want to test the passwords of the Gaming accounts to send users with a weak password an email to change it.

Which would end up in the following short form:
Mysql: SELECT SHA1(CONCAT(UPPER(`username`), ':', UPPER(<pass>)));

Hashcat:
sha1(strtoupper($username).":".strtoupper($pass))

Am i able to somehow implement this Algorithm into Hashcat, and read the username and passwords for the calculating process from a txt file based on username:password?

Thank you for your Support and Help :)
#2
save the hashes as
hash:USER:
(notice the trailing colon)
and use a rule to ensure every password is only tested in upper case.
then you can use sha1(salt.pass)
#3
Thank you for this helpful reply Smile

Could you give me a hint on the Rule?
What should it look like?

I now have a Text File with the format:
hash:USER:

But because of Mode Number 110 sha1(pass.salt) i have to use hashcat-lite, how to i use a txt file as an input?
-o is outfile, but is there nothing like specifing an input txt file instead of one hash?
--------------------------------------------------------------------------------------------------------------

So what i figured out now is:
hashcat-lite doesn't support a whole file with hashes to be passed to it
hashcat-lite does support mode number 110

but hashcat-plus does support rules
and hashcat-plus does support a file with hashes for input
but no mode number 110

What should i do now?
#4
looks like the next release of hashcat-plus will support -m 110. no clue when that's coming out. in the mean time, i believe other hash cracking tools support sha1(salt.pass)
#5
Thank you for the reply, then i guess i will have to try out other tools and/or wait for the next release, hopefully it will come out soon Smile
#6
will be included in next oclhashcat-plus