05-30-2018, 10:22 PM
Hi guys,
I'm new to Hashcat, but I've had some success with WPA2 cracking, so I'm looking to audit the security of our web app, but I'm struggling with the format of the hashes
Our logins are salted and hashed using https://github.com/Thashiznets/PWDTK.NET/, which I believe from reading the source code hashes to PBKDF2-HMAC-SHA512
We're using 1000 iterations and the default salt length of 64. Once we've created the hashes, we're storing them along with the salts in a Sql server database in a varbinary field. This results in some pretty long values, and they are stored as hex prefixed with 0x.
I'm popping these into a hashfile (still in hex, removing the 0x, although I've also tried with it still in place) in the format;
sha512:1000:<salt>:<hash> and then using the command;
hashcat -m 12100 hashfile dictionary
But I'm hitting line signature mismatches. I've looked at the example hashes for 12100, (which is where I got the hashfile format from), and the values in that sample look (to me!) to be base64 encoded. I've encoded each of the salts and hashes and re-ran, but then I'm getting line length exceptions. I've also noticed that the encoded values are MUCH longer than the sample hash. I can't seem to find any info on telling HC that the hashes are in hex format or had any success with seeing where I'm going wrong
Can anyone offer any advice or places to look for further info?
I'm new to Hashcat, but I've had some success with WPA2 cracking, so I'm looking to audit the security of our web app, but I'm struggling with the format of the hashes
Our logins are salted and hashed using https://github.com/Thashiznets/PWDTK.NET/, which I believe from reading the source code hashes to PBKDF2-HMAC-SHA512
We're using 1000 iterations and the default salt length of 64. Once we've created the hashes, we're storing them along with the salts in a Sql server database in a varbinary field. This results in some pretty long values, and they are stored as hex prefixed with 0x.
I'm popping these into a hashfile (still in hex, removing the 0x, although I've also tried with it still in place) in the format;
sha512:1000:<salt>:<hash> and then using the command;
hashcat -m 12100 hashfile dictionary
But I'm hitting line signature mismatches. I've looked at the example hashes for 12100, (which is where I got the hashfile format from), and the values in that sample look (to me!) to be base64 encoded. I've encoded each of the salts and hashes and re-ran, but then I'm getting line length exceptions. I've also noticed that the encoded values are MUCH longer than the sample hash. I can't seem to find any info on telling HC that the hashes are in hex format or had any success with seeing where I'm going wrong
Can anyone offer any advice or places to look for further info?