Hash seems simple but i can't identify it
#1
Hello everyone, i m testing web application, and made an account with simple password and got a hash like this:
c2tuXllXXXXyXnXXdXXxajXjXXhXdz09
Then i made another account with the same password and got the same hash. I suppose there is no salt in it.
So i tried with hash-identifier (which showed me MD5 ) and HashID (which showed me DNSSEC NSEC3)
I proceeded with the hashcat and tried to "crack" it with the dictionary (my password in it):
Code:
hashcat -m 0 -a 0 -o found.txt --remove testmyhash.txt bigpass.txt


Quote:Input.Mode: Dict (bigpass.txt)
Index.....: 3/3 (segment), 960618 (words), 10499593 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 960618/960618 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--


with no results , also tried dictionary with only one password (correct one)


and i m confused. All right, maybe it is NSEC3 (that method looks very rare), and i need oclhashcat to "crack" that. Videocard only in my windows pc. I'm doing this:
Code:
cudahashcat64.exe -m 8300 -a 0 -o found.txt --remove testmyhash.txt bigpass.txt
,
but it keeps yelling at me:
Quote:WARNING: Hash 'testmyhash.txt' Line-length exception

Is there a method which helps me to identify hash algorithm if i know the password? Is it really NSEC3? Thanks in advance.
#2
Hash identification programs like HashID are worthless because the only hashes that can be positively identified are those that have signatures, and if a hash has a signature, you don't need some program to identify it. Hashes without signatures can quite literally be anything. There's an infinite number of possibilities. A string of 32 hex characters could literally be an infinite number of things. You're just going to have to make educated guesses. DNSSEC is not an educated guess.
#3
Thanks very much, i will try to guess changing the -m parameter in hashcat program.
#4
If you don't get anywhere try a simple script with your known password to test every mode hashcat does. If it's there, it'll find it. If not, then you have to use something else anyway.