SHA1 - Unable to use MD5 as a password
#1
Is it correct functionality of hashcat that a password of 32 characters (MD5) cannot be used for SHA1 in hashcat?

I was trying to use md5's as potential passwords but found this limitation. Passwords of 31 characters are OK.

Is there any way around this?
#2
First, the limit on 31 is not true for all cases, there's ways to support up to 55: https://hashcat.net/wiki/doku.php?id=fre...ord_length

Anyway, to crack the supposed algorithm, use -m 4700 not -m 100
#3
Well if I understood your 1st post right you want to crack a SHA-1 hash which in plaintext is a 32 char long hex-string right?
You would have to use the attackmode 1 which is combinator, in this mode your plaintext can go up to 55 chars, as atom already linked.
#4
EDIT:
#5
(06-23-2016, 02:16 PM)zeroprobe Wrote: I split my MD5's in the middle.

Combination won't work, too many combinations. I got mixed up.

Is there any way to use a wordlist of md5 hashes as passwords for a SHA1?
#6
What if you take your MD5s, chop off the last character, and then use combinator to out it back on? Slow, but faster than anything else.
#7
why don't you just use -m 4700
#8
(06-25-2016, 10:52 AM)atom Wrote: why don't you just use -m 4700

Doesn't seem to crack with 4700. However taking off 1 character of the md5 password allows it.

Are you able to test? Do you have the same issue.
#9
see here:

Code:
root@ht:~/hashcat# echo -n test | md5sum                                                              
098f6bcd4621d373cade4e832627b4f6  -
root@ht:~/hashcat# echo -n 098f6bcd4621d373cade4e832627b4f6 | sha1sum
4028a0e356acc947fcd2bfbf00cef11e128d484a  -
root@ht:~/hashcat# ./hashcat -m 4700 4028a0e356acc947fcd2bfbf00cef11e128d484a -a 3 test --quiet
4028a0e356acc947fcd2bfbf00cef11e128d484a:test
root@ht:~/hashcat#
#10
(06-26-2016, 10:14 AM)atom Wrote: see here:

Code:
root@ht:~/hashcat# echo -n test | md5sum                                                              
098f6bcd4621d373cade4e832627b4f6  -
root@ht:~/hashcat# echo -n 098f6bcd4621d373cade4e832627b4f6 | sha1sum
4028a0e356acc947fcd2bfbf00cef11e128d484a  -
root@ht:~/hashcat# ./hashcat -m 4700 4028a0e356acc947fcd2bfbf00cef11e128d484a -a 3 test --quiet
4028a0e356acc947fcd2bfbf00cef11e128d484a:test
root@ht:~/hashcat#

I understand now, hashcat will do the real time conversion of the passwords to MD5 to use against the SHA1.

I was using password lists of MD5s.