SHA256 w/ Custom Salt
#1
I have a hash that was created from CakePHP SimplePasswordHasher class using sha256.

This class sets a salt in a cfg file.  In my case the salt looks something like this:

DYhG93b0qyJfIxfs1guVoUubWwvniR2G0FgaC9mi-aoyioueryiqyeryuwry-allup

The hashed password looks something like this:

54800209da18376ee8251f509c112ac13c7cbb9b480e440f9f60cb184999482d

I know the actual password, I am simply trying to understand how to have hashcat crack the password using the configured salt.  The salt looks encoded to some extent too, which is adding confusion.  The salt is set up in a simple config file in the filesystem.

I tried throwing the known password into a file (real.password) and the hashed password into a file (hash.password) and running:

Code:
# hashcat64.bin -m 1410 -a 0 hash.password real.password

I also tried appending the salt to the hashed password with a . separator.  

No luck thus far.

Code:
WARNING: Hashfile 'hash.password' on line 1 (54800209da18376ee8251f509c112ac13c7cbb9b480e440f9f60cb184999482d.DYhG93b0qyJfIxfs1guVoUubWwvniR2G0FgaC9mi-aoyioueryiqyeryuwry-allup): Separator unmatched

...or...

Code:
WARNING: Hashfile 'hash.password' on line 1 (54800209da18376ee8251f509c112ac13c7cbb9b480e440f9f60cb184999482d): Line-length exception

My assumption is that I am either setting the hash incorrectly and/or the hash is in an invalid format.
#2
(08-26-2016, 09:04 PM)msf004 Wrote: I have a hash that was created from CakePHP SimplePasswordHasher class using sha256.

This class sets a salt in a cfg file.  In my case the salt looks something like this:

DYhG93b0qyJfIxfs1guVoUubWwvniR2G0FgaC9mi-aoyioueryiqyeryuwry-allup

The hashed password looks something like this:

54800209da18376ee8251f509c112ac13c7cbb9b480e440f9f60cb184999482d

I know the actual password, I am simply trying to understand how to have hashcat crack the password using the configured salt.  The salt looks encoded to some extent too, which is adding confusion.  The salt is set up in a simple config file in the filesystem.

I tried throwing the known password into a file (real.password) and the hashed password into a file (hash.password) and running:

Code:
# hashcat64.bin -m 1410 -a 0 hash.password real.password

I also tried appending the salt to the hashed password with a . separator.  

No luck thus far.

Code:
WARNING: Hashfile 'hash.password' on line 1 (54800209da18376ee8251f509c112ac13c7cbb9b480e440f9f60cb184999482d.DYhG93b0qyJfIxfs1guVoUubWwvniR2G0FgaC9mi-aoyioueryiqyeryuwry-allup): Separator unmatched

...or...

Code:
WARNING: Hashfile 'hash.password' on line 1 (54800209da18376ee8251f509c112ac13c7cbb9b480e440f9f60cb184999482d): Line-length exception

My assumption is that I am either setting the hash incorrectly and/or the hash is in an invalid format.

https://hashcat.net/wiki/doku.php?id=example_hashes

and it's telling you Separator unmatched


54800209da18376ee8251f509c112ac13c7cbb9b480e440f9f60cb184999482d:DYhG93b0qyJfIxfs1guVoUubWwvniR2G0FgaC9mi-aoyioueryiqyeryuwry-allup
#3
(08-26-2016, 10:46 PM)kiara Wrote: https://hashcat.net/wiki/doku.php?id=example_hashes

and it's telling you Separator unmatched


54800209da18376ee8251f509c112ac13c7cbb9b480e440f9f60cb184999482d:DYhG93b0qyJfIxfs1guVoUubWwvniR2G0FgaC9mi-aoyioueryiqyeryuwry-allup

Thank you for the reply.  My error does change when I use the proper separator.  However, now my error is:

Code:
WARNING: Hashfile 'hash.password' on line 1 (54800209da18376ee8251f509c112ac13c7cbb9b480e440f9f60cb184999482d:DYhG93b0qyJfIxfs1guVoUubWwvniR2G0FgaC9mi-aoyioueryiqyeryuwry-allup): Line-length exception

It would appear that the salt value is too long, maybe?:

DYhG93b0qyJfIxfs1guVoUubWwvniR2G0FgaC9mi-aoyioueryiqyeryuwry-allup

I have spent a few hours tonight trying to understand how CakePHP hashes/salts the passwords.  By what I read it is straight-forward in using sha-256 and applying the salt.  However, I cannot get my controlled test to crack the known password.
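The "controlled test" described above, written out as an added example (not code from the thread or from CakePHP): given a known password and the configured salt, it recomputes SHA-256 with the salt prepended and with it appended, reports which one reproduces the stored hash, and checks the salt against the 31-character hashcat salt limit mentioned later in the thread. The password is a made-up test value; the mode numbers are hashcat's (1410 = sha256($pass.$salt), 1420 = sha256($salt.$pass)), and the note that CakePHP's Security::hash prepends the salt is the reason both orderings are tried rather than assumed.

```python
import hashlib

# Salt as quoted in the thread; the password below is a constructed test value,
# not the real one behind the hash posted above.
SALT = "DYhG93b0qyJfIxfs1guVoUubWwvniR2G0FgaC9mi-aoyioueryiqyeryuwry-allup"
TEST_PASSWORD = "correct-horse-battery"
# Salt length limit for hashcat's generic salted modes, as referenced in the thread.
HASHCAT_MAX_SALT = 31


def sha256_salt_pass(password: str, salt: str) -> str:
    """sha256(salt . password): the prepend form CakePHP's Security::hash uses (mode 1420)."""
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()


def sha256_pass_salt(password: str, salt: str) -> str:
    """sha256(password . salt): the append form the first post tried with -m 1410."""
    return hashlib.sha256((password + salt).encode("utf-8")).hexdigest()


def classify(password: str, salt: str, stored_hex: str):
    """Return the hashcat mode whose construction reproduces stored_hex, or None."""
    candidates = {
        "1420 sha256($salt.$pass)": sha256_salt_pass,
        "1410 sha256($pass.$salt)": sha256_pass_salt,
    }
    for mode, fn in candidates.items():
        if fn(password, salt) == stored_hex.strip().lower():
            return mode
    return None


def salt_fits(salt: str) -> bool:
    """True when the salt is short enough for hashcat's generic salted modes."""
    return len(salt) <= HASHCAT_MAX_SALT


def hashcat_line(stored_hex: str, salt: str) -> str:
    """Build the hash:salt line hashcat expects; refuse salts that would trigger
    the 'Line-length exception' seen in the thread."""
    if not salt_fits(salt):
        raise ValueError(f"salt is {len(salt)} chars, over the {HASHCAT_MAX_SALT}-char limit")
    return f"{stored_hex}:{salt}"


if __name__ == "__main__":
    stored = sha256_salt_pass(TEST_PASSWORD, SALT)  # stand-in for a CakePHP-produced hash
    print("construction:", classify(TEST_PASSWORD, SALT, stored))
    print("salt fits hashcat limit:", salt_fits(SALT))
```

Run it against a real CakePHP hash of a known password to confirm the ordering before choosing a mode; with the 66-character salt above, salt_fits reports False, which is why the hash:salt line is rejected.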
#4
http://book.cakephp.org/3.0/en/core-libr...y::decrypt
#5
(08-27-2016, 02:22 PM)kiara Wrote: http://book.cakephp.org/3.0/en/core-libr...y::decrypt

Thanks - that is the page I have been referencing without success.  I cannot figure out if the salt is truly keyed with the cipher in first place.   My config file has:

Code:
/**
 * A random string used in security hashing methods.
 */
Configure::write('Security.salt', 'DYhG93b0qyJfIxfs1guVoUubWwvniR2G0FgaC9mi-aoyioueryiqyeryuwry-allup');

/**
 * A random numeric string (digits only) used to encrypt/decrypt strings.
 */
Configure::write('Security.cipherSeed', '76859309657453542496649683645279872958772846');


I have also attempted to write a function to decipher the salt, since the Security::decrypt method is supposed to decrypt strings that have been encrypted with the key:


Code:
$mysalt = Configure::read('Security.salt');                
$myseed = Configure::read('Security.cipherSeed');

echo "mysalt = " . $mysalt . "\n";
echo "myseed = " . $myseed . "\n";

$nosecret = Security::decrypt($mysalt, $myseed);
echo "nosecret = " . $nosecret . "\n";

...but nothing is returned.  Thus, I have not yet figured out if the salt has been encrypted with the key.
#6
https://hashcat.net/wiki/doku.php?id=fre...alt_length
#7
(08-27-2016, 11:03 PM)atom Wrote: https://hashcat.net/wiki/doku.php?id=fre...alt_length

Hi Atom,

Are you suggesting I request a new feature or were you simply pointing me to the max salt of 31 chars?

I am still confused if 'DYhG93b0qyJfIxfs1guVoUubWwvniR2G0FgaC9mi-aoyioueryiqyeryuwry-allup' is truly the salt that was used.  That seems ridiculously long for a salt...but maybe that is the salt that was used.  I have not yet figured this out.

Thanks,
msf004
#8
So I ran some tests and I have determined that long string IS the salt. Bummer.
#9
Right. So the next step would be: https://hashcat.net/wiki/doku.php?id=fre...plish_this
#10
(08-28-2016, 02:19 AM)msf004 Wrote: So I ran some tests and I have determined that long string IS the salt.  Bummer.

Try to use Hash Manager from InsidePro; perhaps the salt limit is higher. Don't ask me how to use it, I don't know, never tried it.