01-21-2018, 11:06 PM
Hi,
I'm trying to extract user and pass of a application for try to convince my boss to use https instead http. The application have a form that login with http server.
I'm trying to sniff traffic and capture data with wireshark to get user/pass authentication:
I see these in wireshark:
Since the user I login is david (I know also the password), I understand than the code 5D2F8..... is the hash password. I've used hashid and it says me:
So I use hashcat but I can't get nothing:
Could you help me please? I'm trying to understand but I'm newbie and is difficult to me. Many thanks and sorry for my English!
I'm trying to extract user and pass of a application for try to convince my boss to use https instead http. The application have a form that login with http server.
I'm trying to sniff traffic and capture data with wireshark to get user/pass authentication:
I see these in wireshark:
Code:
[1,"UserSession:IDL_Register",1,0,{"1":{"str":"david"},"2":{"str":"|GSR|WIN-56DQT3UEU2J|3740|1516566386|ChallengeSIDStr|2:5D2F8D5A0E07E4C3C4E97990E5CE2A7C452DEEDDA43D52BF99AD9F47735FC4D675A3F62FF4FC028679BC06E78EA1B34F91DF9C5214F4F9C60E6E4124FXXXXXXX"},"3":{"str":"CLIENTE"},"4":{"str":"user"},"5":{"str":"GUI"},"6":{"str":"9.0.18.000"},"7":{"i64":600}}]HTTP/1.1 200 OK
Since the user I login is david (I know also the password), I understand than the code 5D2F8..... is the hash password. I've used hashid and it says me:
Code:
Possible Hashs:
[+] SHA-512
[+] Whirlpool
So I use hashcat but I can't get nothing:
Code:
C:\Users\pc\Downloads\hashcat-4.0.1\hashcat-4.0.1>hashcat64.exe -m 1700 -a 0 --opencl-device-types 1,2 5D2F8D5A0E07E4C3C4E97990E5CE2A7C452DEEDDA43D52BF99AD9F47735FC4D675A3F62FF4FC028679BC06E78EA1B34F91DF9C5214F4F9C60E6E4124FXXXXXXXX
hashcat (v4.0.1) starting...
* Device #1: Intel's OpenCL runtime (GPU only) is currently broken.
We are waiting for updated OpenCL drivers from Intel.
You can use --force to override, but do not report related errors.
* Device #3: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported
OpenCL Platform #1: Intel(R) Corporation
========================================
* Device #1: Intel(R) HD Graphics 530, skipped.
* Device #2: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz, 4060/16242 MB allocatable, 8MCU
OpenCL Platform #2: NVIDIA Corporation
======================================
* Device #3: GeForce GTX 950M, 1024/4096 MB allocatable, 5MCU
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash
* Uses-64-Bit
Password length minimum: 0
Password length maximum: 256
ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastical reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger disabled.
Starting attack in stdin mode...
Session..........: hashcat
Status...........: Running
Hash.Type........: SHA-512
Hash.Target......: 5d2f8d5a0e07e4c3c4e97990e5ce2a7c452deedda43d52bf99a...XXXXXX
Time.Started.....: Sun Jan 21 22:01:55 2018 (10 secs)
Time.Estimated...: Sun Jan 21 22:02:05 2018 (0 secs)
Guess.Base.......: Pipe
Speed.Dev.#2.....: 0 H/s (0.00ms)
Speed.Dev.#3.....: 0 H/s (0.00ms)
Speed.Dev.#*.....: 0 H/s
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Candidates.#2....: [Copying]
Candidates.#3....: [Copying]
HWMon.Dev.#2.....: N/A
HWMon.Dev.#3.....: Temp: 54c Util: 0% Core: 993MHz Mem:1001MHz Bus:16
NvAPI_GPU_GetPerfPoliciesInfo(): NVAPI_ERROR
NvAPI_GPU_GetPerfPoliciesStatus(): NVAPI_ERROR
Could you help me please? I'm trying to understand but I'm newbie and is difficult to me. Many thanks and sorry for my English!