How to crack AEM/CQ sha256 hash?

[cybhashcat]

Hey guys,
in AEM (Adobe Experience Manager), I can see the the following data on every app user:
rep:password "{SHA-256}fe90d85cdcd7e79c-1000-ef182cdc47e60b472784e42a6e167d26242648c6b2e063dfd9e27eec9aa38912"

the actual password in this case is: "Aa12345678!@"

how do i put this into Hashcat? do i need to change/rewrite the format? which module do i use?

thanks!

[undeath]

first you need to find out how exactly the hash is generated

[DanielG]

Having never used Adobe Experience Manager, I googled and saw on http://experience-aem.blogspot.nl/2014/0...gging.html that you can change the hashing from SHA-256 to SHA-512 which also shows an interesting image with the following information:

Hash Algorithm: in this case SHA-256
Hash Iterations: 1000
Hash Salt Size: 8

This seems to be correlated with your hash {SHA-256}fe90d85cdcd7e79c-1000-ef182cdc47e60b472784e42a6e167d26242648c6b2e063dfd9e27eec9aa38912

If this is correct then you would need to find an algorithm on https://hashcat.net/wiki/doku.php?id=example_hashes where you can give a salt and iterations for SHA-265. Maybe sha256crypt $5$, SHA256 (Unix) (only available in oclhashcat unfortunately)? I'm not sure yet.

[undeath]

It could also be some custom scheme. There is an unlimited number of ways to do salted iterated hashing.

[DanielG]

I tried the following schemes (with different iterations), but no luck:

• most likely, sha_265(salt+password) then rehash the hash 1000 times
  
• most likely too, sha_265(password+salt) then rehash the hash 1000 times
  
• less likely sha_265(password) then rehash the hash 1000 times prepending salt every time
  
• less likely sha_265(password) then rehash the hash 1000 times appending salt every time
  
• even less likely sha_265(salt) then rehash the hash 1000 times prepending password every time
  
• even less likely sha_265(salt) then rehash the hash 1000 times appending password every time
  
• same scenario's as above, but instead of using the raw bytes from the hash, print it as 'hex string' (very unlikely)
  

I have added the python code to replicate if you want different schemes. 
I used the 'default' password of admin from this script: https://gist.github.com/andrewmkhoury/da...50d4d83795

Code:

import hashlib

# {SHA-256}a9d4b340cb43807b-1000-33b8875ff3f9619e6ae984add262fb6b6f043e8ff9b065f4fb0863021aada275
# https://gist.github.com/andrewmkhoury/da868236e16a2415439b7750d4d83795, reset account admin to password admin

password = b'admin'
salt = bytearray.fromhex("a9d4b340cb43807b")
thehash = "33b8875ff3f9619e6ae984add262fb6b6f043e8ff9b065f4fb0863021aada275\n"
iterations = 1001

#most likely, sha_265(salt+password) then rehash the hash 1000 times
m = hashlib.sha256()

m.update(salt)
m.update(password)

for i in range(iterations):
    m.update(m.digest())

print m.hexdigest()
print thehash

#most likely too, sha_265(password+salt) then rehash the hash 1000 times
m = hashlib.sha256()

m.update(password)
m.update(salt)

for i in range(iterations):
    m.update(m.digest())

print m.hexdigest()
print thehash

#less likely sha_265(password) then rehash the hash 1000 times prepending salt every time
m = hashlib.sha256()

m.update(password)

for i in range(iterations):
    m.update(salt)
    m.update(m.digest())

print m.hexdigest()
print thehash

#less likely sha_265(password) then rehash the hash 1000 times appending salt every time
m = hashlib.sha256()

m.update(password)

for i in range(iterations):
    m.update(m.digest())
    m.update(salt)

print m.hexdigest()
print thehash

#even less likely sha_265(salt) then rehash the hash 1000 times prepending password every time
m = hashlib.sha256()

m.update(salt)

for i in range(iterations):
    m.update(password)
    m.update(m.digest())

print m.hexdigest()
print thehash

#even less likely sha_265(salt) then rehash the hash 1000 times appending password every time
m = hashlib.sha256()

m.update(salt)

for i in range(iterations):
    m.update(m.digest())
    m.update(password)

print m.hexdigest()
print thehash

#from here the same scenario's as above, but instead of using the raw bytes from the hash, print it as 'hex string' (very unlikely)
m = hashlib.sha256()

m.update(salt)
m.update(password)

for i in range(iterations):
    m.update(m.hexdigest())

print m.hexdigest()
print thehash

m = hashlib.sha256()

m.update(password)
m.update(salt)


for i in range(iterations):
    m.update(m.hexdigest())

print m.hexdigest()
print thehash

m = hashlib.sha256()

m.update(password)

for i in range(iterations):
    m.update(salt)
    m.update(m.hexdigest())

print m.hexdigest()
print thehash

m = hashlib.sha256()

m.update(password)

for i in range(iterations):
    m.update(m.hexdigest())
    m.update(salt)

print m.hexdigest()
print thehash

m = hashlib.sha256()

m.update(salt)

for i in range(iterations):
    m.update(password)
    m.update(m.hexdigest())

print m.hexdigest()
print thehash

m = hashlib.sha256()

m.update(salt)

for i in range(iterations):
    m.update(m.hexdigest())
    m.update(password)

print m.hexdigest()
print thehash

edit: had to change tabs into spaces because this forum removed the tabs

[royce]

Looks like this is the same as:

https://github.com/magnumripper/JohnTheRipper/pull/3240

... so John the Ripper (jumbo edition) may have it soon?