Hexadecimal Hashes (SQL Server varbinary)
#1
Hi guys, 
I'm new to hashcat, but I've had some success with WPA2 cracking, so I'm now looking to audit the security of our web app. However, I'm struggling with the format of the hashes.

Our logins are salted and hashed using https://github.com/Thashiznets/PWDTK.NET/, which, from reading the source code, I believe hashes with PBKDF2-HMAC-SHA512.


We're using 1000 iterations and the default salt length of 64. Once we've created the hashes, we're storing them along with the salts in a SQL Server database in a varbinary field. This results in some pretty long values, and they are stored as hex prefixed with 0x.

I'm popping these into a hashfile (still in hex, removing the 0x, although I've also tried with it still in place) in the format:

sha512:1000:<salt>:<hash>

and then using the command:

hashcat -m 12100 hashfile dictionary

But I'm hitting line signature mismatches. I've looked at the example hashes for 12100 (which is where I got the hashfile format from), and the values in that sample look (to me!) to be base64 encoded. I've encoded each of the salts and hashes and re-run, but then I'm getting line length exceptions. I've also noticed that the encoded values are MUCH longer than the sample hash. I can't seem to find any info on telling HC that the hashes are in hex format, and I've had no success with seeing where I'm going wrong.

Can anyone offer any advice or places to look for further info?
#2
Are you converting the decoded values to base64? Or just encoding the HEX representation? You need to be converting the actual values, not the HEX itself. This is typically not too difficult to do and if you only have a few hashes you can easily use an online tool to convert the data such as http://tomeko.net/online_tools/hex_to_ba...hp?lang=en
#3
(05-30-2018, 10:29 PM)Chick3nman Wrote: Are you converting the decoded values to base64? Or just encoding the HEX representation? You need to be converting the actual values, not the HEX itself. This is typically not too difficult to do and if you only have a few hashes you can easily use an online tool to convert the data such as http://tomeko.net/online_tools/hex_to_ba...hp?lang=en

Hey - thanks for the quick reply!

Good point on the encoding - I'm taking the raw hex, removing 0x and firing what's left at an online encoder... which, now that I think about it, is never going to work if it thinks it's ASCII! However, when I convert the varbinary to ASCII (UTF-8), I'm getting loads of non-printing characters... I'll try the converter you've linked and report back.
#4
(05-30-2018, 10:29 PM)Chick3nman Wrote: Are you converting the decoded values to base64? Or just encoding the HEX representation? You need to be converting the actual values, not the HEX itself. This is typically not too difficult to do and if you only have a few hashes you can easily use an online tool to convert the data such as http://tomeko.net/online_tools/hex_to_ba...hp?lang=en

Hmmmm - that converter does give much more "sensible" results than I was seeing, but I'm still getting line length errors...
#5
Can you post an obfuscated hash example? Replace most of the hash with 00 or XX so it's within compliance with the forum rules. It's possible your settings have a long salt or something that is too much for the base hashcat format.
#6
(05-30-2018, 10:46 PM)Chick3nman Wrote: Can you post an obfuscated hash example? Replace most of the hash with 00 or XX so it's within compliance with the forum rules. It's possible your settings have a long salt or something that is too much for the base hashcat format.

Absolutely:

0xxxxxxxxxxx1F463ED058E3F83A0D5162472FA140973CF6E26E69EC3A2304B1A24E52A3A12EADBFxxxxxxxxxxx4004BBAD26B5EB2208A66AEDAB638xxxxxxxxxx - hash

0xxxxxxxxxxx968D3A219542B9FFB39A80900A3ACCB36F04B85C540E4F78032126E3159B6DA2EE1A1xxxxxxxxxxC000D006F71A08989EDD729C72DADxxxxxxxxxx  - salt

The hashfile I'm using is in the format:

sha512:1000:<salt>:<hash>

Cheers
#7
You will have to convert the hex to base64. The base64 string will be shorter than the hex string when converted correctly.
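As an added example (my own code, not from anyone in this thread or from PWDTK.NET), the conversion #2 and #7 describe, done offline in Python: take the 0x-prefixed varbinary hex that SQL Server displays, decode it to raw bytes, base64 those bytes (not the hex text), and emit a `sha512:<iterations>:<salt_b64>:<hash_b64>` line for -m 12100. It also recomputes PBKDF2-HMAC-SHA512 for one candidate password so you can confirm the line is right before spending GPU time. Assumptions: the stored varbinary values are the raw salt and the raw PBKDF2 output, the derived-key length equals the stored digest length, and the 64-byte salt, password and digest in the block are constructed for the example rather than taken from the post.

```python
import base64
import binascii
import hashlib
import hmac

ITERATIONS = 1000  # as stated in the original post

# Constructed sample data (not from the thread): a 64-byte salt and the
# PBKDF2-HMAC-SHA512 digest of a known password, then rendered the way
# SQL Server shows a varbinary column: "0x" followed by upper-case hex.
_SAMPLE_SALT = bytes(range(64))
_SAMPLE_PASSWORD = b"correct horse battery staple"
_SAMPLE_DIGEST = hashlib.pbkdf2_hmac("sha512", _SAMPLE_PASSWORD, _SAMPLE_SALT, ITERATIONS, dklen=64)
SAMPLE_SALT_HEX = "0x" + _SAMPLE_SALT.hex().upper()
SAMPLE_HASH_HEX = "0x" + _SAMPLE_DIGEST.hex().upper()


def varbinary_to_bytes(value: str) -> bytes:
    """Decode a varbinary value as SQL Server displays it (optional '0x', hex digits)."""
    value = value.strip()
    if value[:2].lower() == "0x":
        value = value[2:]
    if len(value) % 2:
        raise ValueError("odd number of hex digits: %r" % value)
    return binascii.unhexlify(value)


def to_hashcat_12100(salt_hex: str, hash_hex: str, iterations: int = ITERATIONS) -> str:
    """Build a hashcat -m 12100 line: sha512:<iter>:<base64 salt>:<base64 digest>.

    The base64 is computed over the decoded bytes. Base64-encoding the hex
    characters themselves (the mistake discussed above) yields a line that is
    longer than the hex and will never match the stored value.
    """
    salt = varbinary_to_bytes(salt_hex)
    digest = varbinary_to_bytes(hash_hex)
    return "sha512:%d:%s:%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def parse_hashcat_12100(line: str):
    """Split a 12100 line back into (iterations, salt bytes, digest bytes)."""
    algo, iters, salt_b64, hash_b64 = line.strip().split(":")
    if algo != "sha512":
        raise ValueError("not a PBKDF2-HMAC-SHA512 line: %r" % algo)
    return int(iters), base64.b64decode(salt_b64), base64.b64decode(hash_b64)


def check_password(line: str, candidate: bytes) -> bool:
    """Recompute PBKDF2-HMAC-SHA512 for one candidate and compare in constant time.

    The derived-key length is taken from the stored digest (assumption: the
    application stores the full PBKDF2 output).
    """
    iterations, salt, digest = parse_hashcat_12100(line)
    computed = hashlib.pbkdf2_hmac("sha512", candidate, salt, iterations, dklen=len(digest))
    return hmac.compare_digest(computed, digest)


def encoded_lengths(salt_hex: str, hash_hex: str):
    """Return (hex chars, base64 chars) for the salt, to show base64 is the shorter form."""
    salt_hex_digits = salt_hex[2:] if salt_hex.lower().startswith("0x") else salt_hex
    salt_b64 = base64.b64encode(varbinary_to_bytes(salt_hex)).decode("ascii")
    return len(salt_hex_digits), len(salt_b64)


if __name__ == "__main__":
    line = to_hashcat_12100(SAMPLE_SALT_HEX, SAMPLE_HASH_HEX)
    print(line)
    print("salt hex/base64 lengths:", encoded_lengths(SAMPLE_SALT_HEX, SAMPLE_HASH_HEX))
    print("known password verifies:", check_password(line, _SAMPLE_PASSWORD))
    print("wrong password verifies:", check_password(line, b"password"))
```

Run it once with a test account whose password you know: if check_password returns True for that account, the hashfile line is built correctly and any remaining hashcat error is about the line length hashcat accepts for this mode rather than about the encoding. If it returns False, the stored bytes are not simply salt and raw PBKDF2 output (or the iteration count or derived-key length differs), and no amount of re-encoding will help.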