Posts: 4
Threads: 1
Joined: Feb 2017
I am trying to use cudaHashcat 1.35 to decrypt two hashes of the encryption type 7500 (Kerberos 5 AS-REQ Pre-Auth etype 23). The first hash (signed as hash1) comes from the hashcat forum and I use the command '$krb5pa$23$user$realm$salt$hash1' to decrypt it. The second hash (signed as hash2) comes from my experiment: I use Wireshark to get the Kerberos 5 AS-REQ pack, then pick up the enc PA-ENC-TIMESTAMP as the second hash. Also, I use the command '$krb5pa$23$user$realm$salt$hash2' to decrypt it. The first hash can be decrypted successfully but I failed to decrypt the second hash. What should I do?
Posts: 2,936
Threads: 12
Joined: May 2012
v1.35 was released 2 years ago, and cudaHashcat doesn't even exist anymore. Upgrade to hashcat 3.30 or newer before reporting any bugs or errors.
Posts: 4
Threads: 1
Joined: Feb 2017
Following the above suggestion, I tried hashcat 3.30. However, the problem isn't solved yet. Here is hash1 used in my test case:
$krb5pa$23$user21$realm22$salt1234$4e751db65422b2117f7eac7b721932dc8aa0d9966785ecd958f971f622bf5c42dc0c70b532363138363631363132333238383835. It is from the hashcat forum.
This is hash2:
$krb5pa$23$user21$realm22$salt1234$5c7698871dc87e96aacd8a94614a48b327bf06b64879150a863ba8246f50f70eda670b1b1370d7d5a2aa81487603b3de31e3024d. I copied it from the Kerberos AS-REQ package.
What should I do now?
Posts: 5,185
Threads: 230
Joined: Apr 2010
I think you need to update the salt as well
Posts: 4
Threads: 1
Joined: Feb 2017
I find that if I change the value of the "user", "realm" and "salt" at will in hash1, it can still be decrypted successfully. So there are two more questions. First, does the decryption of Kerberos enctype 23 need a salt? Second, if it needs a salt, where can I find it in the Kerberos AS-REQ package?
Posts: 5,185
Threads: 230
Joined: Apr 2010
Yes, it's salted. See:
https://hashcat.net/wiki/doku.php?id=example_hashes
I don't know about that kerberos AS-REQ package you're talking about.
Posts: 4
Threads: 1
Joined: Feb 2017
The AS-REQ package is one of the message types of the Kerberos protocol during authentication. I get it, by using Wireshark, from a network which uses Kerberos as its authentication method. Then I pick up the 'enc PA-ENC-TIMESTAMP' in this package as the input hash of the algorithm of 7500 to decrypt. Also, I can find other corresponding parameters including 'user' and 'realm' in the AS-REQ package. But I haven't found the 'salt'. So, where can I find the corresponding salt of the input hash?
Posts: 5,185
Threads: 230
Joined: Apr 2010
I don't know how the hash is extracted, but I know it's salted.