Posts: 5
Threads: 1
Joined: Jan 2015
So first of all hi, I just want to say that im completely new to hashcat, and I noticed it's missing some docs... so that's why im here asking.
Recently I got a complete dump of a SQL members table (as of 13-01-2015) that contains lots of info but im particularly interested in 4 fields only: name (it's the username in fact), email, members_pass_hash and members_pass_salt.
The table itself comes from a site using IP.Board, so they store they passwords like this ( more info) :
Code: $hash = md5( md5( $salt ) . md5( $password ) );
Now, checking hashcat wiki I found one mode that's ALMOST the same, but concatenated in different order:
Code: 3910 = md5(md5($pass).md5($salt))
So my question is, is still possible to find those passwords? If so, how can I find them all at once? How would the args be?
Finally, if someone has some "newbie guides" or whatever, please link them
Regards.
Posts: 347
Threads: 3
Joined: May 2010
You didn't check enough :
Quote:2811 IPB2+, MyBB1.2+
Posts: 5
Threads: 1
Joined: Jan 2015
01-30-2015, 03:07 PM
(This post was last modified: 01-30-2015, 06:30 PM by philsmd.)
(01-30-2015, 02:17 PM)Xanadrel Wrote: You didn't check enough :
Quote:2811 IPB2+, MyBB1.2+
Oh, well... lol.
Another thing, how do I specify the salt to use? And once it finishes I'll obtain another md5 representing the real password, right?
Example data-set:
[all hashes remove by philsmd]
Posts: 2,267
Threads: 16
Joined: Feb 2013
01-30-2015, 04:43 PM
(This post was last modified: 01-30-2015, 04:47 PM by philsmd.)
(01-30-2015, 02:05 PM)N3HL Wrote: im completely new to hashcat, and I noticed it's missing some docs
Not at all, the docs are:
1. https://hashcat.net/wiki/
2. --help output of oclHashcat or cpu hashcat
3. forum search
For instance, the answer to your salt question can easily be answered by looking at this example hashes page:
https://hashcat.net/wiki/doku.php?id=example_hashes
And you (in almost all of the cases!) won't obtain a "new" MD5 hash from cpu hashcat / oclHashcat, but it will just tell you if the hash was cracked, i.e. if the matching password was found, and it will output the important data (*original* hash, salt, password etc). The output format can be adjusted with --outfile-format parameter, the default is hash:password or hash alt:password (if we speak about salted hashes).
Full information about the available output formats can be found by running cpu hashcat / oclHashcat with the --help switch.
Posts: 5
Threads: 1
Joined: Jan 2015
(01-30-2015, 04:43 PM)philsmd Wrote: (01-30-2015, 02:05 PM)N3HL Wrote: im completely new to hashcat, and I noticed it's missing some docs
Not at all, the docs are:
1. https://hashcat.net/wiki/
2. --help output of oclHashcat or cpu hashcat
3. forum search
For instance, the answer to your salt question can easily be answered by looking at this example hashes page:
https://hashcat.net/wiki/doku.php?id=example_hashes
And you (in almost all of the cases!) won't obtain a "new" MD5 hash from cpu hashcat / oclHashcat, but it will just tell you if the hash was cracked, i.e. if the matching password was found, and it will output the important data (*original* hash, salt, password etc). The output format can be adjusted with --outfile-format parameter, the default is hash:password or hashalt:password (if we speak about salted hashes).
Full information about the available output formats can be found by running cpu hashcat / oclHashcat with the --help switch.
Yeah, saw the examples for each mode, and finally got it to work, btw, one last thing, do you have some nice wordlists? I already searched but most links are down.
Posts: 2,301
Threads: 11
Joined: Jul 2010
Posts: 5
Threads: 1
Joined: Jan 2015
01-30-2015, 05:28 PM
(This post was last modified: 01-30-2015, 10:17 PM by epixoip.)
Thanks @undeath, pretty good wordlists. And now I promise this is the last thing xD
How can I associate usernames with passwords in one .txt file, because as for now I get (obviously) something like this:
<HASHES REMOVED>
Hash | Salt | Password
And to test some hashs I used a SQL statement to make my "hashs.txt":
Code: SELECT CONCAT(members_pass_hash, ":", members_pass_salt)
FROM members
LIMIT 300
INTO OUTFILE "hashs.txt"
But I'd like to end with one unique file with this format:
Username: %s - Password: %s
I used 300 rows to test hashcat, so far works great, now I have passwords but if I want to find the user I have to query my localhost each time, and start to build a custom .txt by hand ( and I have more than 250k rows !)
Posts: 2,267
Threads: 16
Joined: Feb 2013
01-30-2015, 05:45 PM
(This post was last modified: 01-30-2015, 06:06 PM by philsmd.)
you could use the --username switch of hashcat/oclHashcat.
input format (you must use the --username switch to crack the hashes):
username:hash alt
second step (after cracking); you can output it with --show --username
format can be adjusted with --outfile-format, for instance --outfile-format 2 --show --username will give you
username:password
Attention: --username --show currently only works and is supported by oclHashcat. cpu hashcat support for --show --username may or may not be added, depending on how many users care about adding it to trac and voting for this feature
You should be anyway be able to use oclHashcat to do this task
Posts: 5
Threads: 1
Joined: Jan 2015
01-30-2015, 06:18 PM
(This post was last modified: 01-30-2015, 06:29 PM by philsmd.)
(01-30-2015, 05:45 PM)philsmd Wrote: you could use the --username switch of hashcat/oclHashcat.
input format (you must use the --username switch to crack the hashes):
username:hashalt
second step (after cracking); you can output it with --show --username
format can be adjusted with --outfile-format, for instance --outfile-format 2 --show --username will give you
username:password
Attention: --username --show currently only works and is supported by oclHashcat. cpu hashcat support for --show --username may or may not be added, depending on how many users care about adding it to trac and voting for this feature
You should be anyway be able to use oclHashcat to do this task
Okay, I own an ATI Radeon R7 260 X so im downloading the AMD oclHashcat. Meanwhile, if you don't mind, could you explain me a bit more?
Now my input file looks like this:
Code: [ALL hashes removed by philsmd]|
Username | Hash | Salt
So if I use --username in first place it should generate the file ignoring the username in the beginning, but then when you say "second step (after cracking): you can output it with --show --username", what do you mean? I mean, the file is already done, so how would be this "second step". Or just using "--outfile-format 2 --show --username" from the start is enough? Sorry, it isn't clear for me.
Added by philsmd: everyone who posts hashes and hence does not adhere to the (accepted) forum rules ( https://hashcat.net/forum/announcement-2.html ) will be banned, it doesn't matter where the hashes come from (or if they were randomly generated etc)
Posts: 2,267
Threads: 16
Joined: Feb 2013
01-30-2015, 06:24 PM
(This post was last modified: 01-30-2015, 06:32 PM by philsmd.)
--show is always used to show the cracks for a specific oclHashcat session after the actual cracking process is done.
So it would look like this:
oclHashcat64.exe -m 2811 --username hashes.txt dict.txt
after that actual cracking process is finished, you display the cracks with --show:
oclHashcat64.exe -m 2811 --show --username hashes.txt
hmm I'm wondering why you are still not banned, since you did not follow the forum rules: https://hashcat.net/forum/announcement-2.html (which you did accept). Don't post hashes!
|