Help me identify this salted hash?
#1
I got it from a MySQL5 database. I am a total novice as this stuff, so I need a bit of help

password: [40 character hash]
salt: [12 characters using letters and symbols like =|%$;]

I'm using cudahashcat and i thought the "MySQL4.1/MySQL5" would be the way to go, but aren't those hashes usually  unsalted?

I also tried to give the hash to onlinehashcrack.com and they were unable to crack it.

I was thinking it would be either: sha1($pass.$salt) sha1($salt.$pass), but I am unsure.

Thanks for the help
#2
You cannot use hashcat "MySQL4.1/MySQL5" mode because your hash is salted.

onlinehashcrack.com do not crack Salted Mysql.

You can try one of :
sha1($pass.$salt)
sha1($salt.$pass)
sha1($salt.$pass.$salt)

But the best try is to know how the hash was built, try to read the webapp source code.
#3
(01-17-2016, 08:32 PM)Mem5 Wrote: But the best try is to know how the hash was built, try to read the webapp source code.

Sorry, can you elaborate a bit on this? How could this tell me what formula was used?
#4
The application builds the hash. If you read the application source code, you will know which algo (mysql, sha1, etc) has been used, and how the salt+hash have been put together ($salt.$pass or $pass.$salt etc)