Identification of hash type.
#1
I was trying to figure out what below hash type it. Non of the hash identifiers could give me a clue, it also has a hash salt with it, but don't know in what format they both are being used. If anyone could help to identify is one?

This isn't real a used password and was only created for learning purpose.


HASH: REDACTED

HASH SALT: cHn[H#=8GSN3FLjU#j5l+^MpQVCEgJ%g
Reply
#2
It looks base64 encoded and missing the padding. If you base64 decode it, it returns a 512bit length 'hash'. however, without any more information (how the salt is used, which 512bit hash is used, etc) it will be very difficult to reverse engineer.

Also, if this isn't a 'real used password and was only created for learning purpose.' why not tell us what the password is? Perhaps set "hashcat" as the password and try sha512($salt . $pass) and sha512($pass . $salt) and see if that's it.
Reply
#3
I cannot reveal this one as it is one of my passwords used somewhere else, but I can create one for the test if that helps.

For example:
password: Password123
hash: 1NeXFGujmgkMtIfkntNPkeFKHYU1Dxf3GtK8/uGR8t3M4ouQoZob+VTjtzO4NIB9T4L9VEB0eFIA8jPdAO5cVg
hash salt: D}SAM}naWQNHtD1)JFOU*KfZF!0qydU.

(bty, full stop in hash alt is legit and is part of the salt)
Reply
#4
@Kangaroot: not wise to post your own password hash on these forums, especially if you're admitting to password reuse.

Anyway, with a proper hash:plain pair this is super simple to reverse engineer. As @DanielG mentioned this is base64 encoding with the padding stripped off. Add back the padding, re-encode as hex:

Code:
epixoip ~ $ echo -n 1NeXFGujmgkMtIfkntNPkeFKHYU1Dxf3GtK8/uGR8t3M4ouQoZob+VTjtzO4NIB9T4L9VEB0eFIA8jPdAO5cVg== | base64 -d | xxd -p -c 1024
d4d797146ba39a090cb487e49ed34f91e14a1d85350f17f71ad2bcfee191f2ddcce28b90a19a1bf954e3b733b834807d4f82fd544074785200f233dd00ee5c56

The salt doesn't appear to be encoded so we can assume it's a literal value.

So now we just start making logical guesses as to what the algorithm might be. First logical guess is sha512(pass.salt):

Code:
epixoip ~ $ echo -n 'Password123D}SAM}naWQNHtD1)JFOU*KfZF!0qydU.' | sha512sum
d4d797146ba39a090cb487e49ed34f91e14a1d85350f17f71ad2bcfee191f2ddcce28b90a19a1bf954e3b733b834807d4f82fd544074785200f233dd00ee5c56 *-

Aaaaand we have a winner.
Reply
#5
To wrap up, what will hashcat command look like in the end if it is sha512($pass . $salt)?
Reply
#6
We did the hard part for you. From here, everything is documented. Read the wiki, read the --help.
Reply
#7
Thank you for helping.
Reply