PeopleSoft with salt

[CracksforCrack]

Hey,

I'm testing a number of Peoplesoft hashes which hashcat takes in the expected format for -m 133, however mine are salted. The salts I have are 32 char strings, seemingly MD5? I've read that Peoplsoft salting is SHA-1 based (https://blog.gosecure.ca/2016/05/04/orac...terprises/)  which doesn't match with the salts I have but does anyone know a way in which I can process my salted hashes to re-generate without the salt so I can then feed back into hashcat?

A touch off pure hashcat issues I admit however wanted to see if anyone had any insight.

Many thanks.

[royce]

The salt is intrinsic to the hash. The only way to rework the salts would be if you already had the plain text password.

[CracksforCrack]

Appreciate the response, thanks.

[StaticFlow]

Sorry to revive this thread but it seemed better than starting a new one. Royce, is there a way to extract the salt out of the hash if you do know the Password. I am on an engagement and have a users hash, salt, and plaintext credentials as well as a large collection of hashes and salts from other users that seem to be PeopleSoft. I wanted to verify their hash type by running the known hash through hashcat with a dictionary containing only its password but I ran into the same issue of there not being a mode for salted PeopleSoft hashes.

Thank you for any info you have!