where did hashcat get the hashtype?

[matt99]

Just a simple question: Where did hashcat get the hashtype?
So, i have a simple command. Something like

Code:

hashcat example.hash example.dict

And in my example.hash are md5 hashes - does hashcat know the hashtype because of the specific pattern of md5? What if my example.hash only holds sha256 hashes - here the same? Does this mean, i don't need to give hashcat a parameter for the hashtype?
Sorry for the weird question.

[philsmd]

No, hashcat doesn't guess the hash type.
As many "hash identification" projects show, there is no such think as 100% knowing which hash type the input is from a random set of some (hex) bytes.
It only works if the "hash" input has a signature like "$7z$" for -m 11600 = 7-Zip.

But hashcat doesn't even try to search for signature.

The only thing it has, is a default hash type. Which is... well, MD5 (-m 0 = MD5).
But this isn't pullet proof either, there are other hashes that have exactly the same length and format like MD5.

So, the short answer is: just always specify the "-m" parameter. The only valid reason to omit is if you are an advanced user and know that the default is MD5 and that the hash/hashes are all MD5 hashes.

[matt99]

Thanks for the answer. I was wondering, because i tested this before with

Code:

hashcat example.hash example.dict

-> one try with a md5-hashlist and one try with a sha256-hashlist (the input of these hash-lists was the same textfile). And everytime, hashcat could give me the plaintext of these passwords. And i never specified the -m parameter.

[atom]

Sure not, if you try to load a sh256 hash without setting -m hashcat will give you a line length exception.