cracking salted SHA1
#11
(06-28-2018, 06:35 PM)undeath Wrote: don't use --hex-salt if your salt is not hex-encoded

how can i know if it hex-encoded or not ?
#12
Hmmmmmm
#13
I'm trying to crack SHA1 hashes that look like this:


Code:
0dbe0f2f378aa1861fcf30da82cc52f88fd7de1f:98bdb
a20a5b8cc122e89cbeff2447dda277c2ed93d4b0:db8eb
a20a5ca243c889f25953fc2ccae5da5430331e23:b8f43

It seems to me this is wrong for a hex encoded salt.  If it is a salt, I have no idea what it is.

Does anyone know what this odd sha1 format is?
#14
It does look like hex but I doubt that it is becuase true hex encoding would require an even number of characters as salt.
#15
(06-28-2018, 03:19 PM)fhd Wrote:
hi guys i can't find the right way to crack salted sha1 hashes , i triyed -m 120 , -m 110 and -m 130 . it always give me error massage like
 Hash-encoding exception ,
(Hashfile 'C:\hashcat-4.1.0\1.txt' on line 1 (9**...d59efda4793e68ad364dd9acfaaef***): Hash-encoding exception
Hashfile 'C:\hashcat-4.1.0\1.txt' on line 2 (47c23:...66a4af28aa8b7cd33f741d8b0d338d2c): Hash-encoding exception
Hashfile 'C:\hashcat-4.1.0\1.txt' on line 3 (85a21:...d51c1da06309ea161b24a6348cb59c90): Hash-encoding exception)


i think the problem is in the hashes file so i tried different formats like :

$9***b$8321515fd59efda4793e68ad364dd9acfaaef***
9***b:8321515fd59efda4793e68ad364dd9acfaaef***
8321515fd59efda4793e68ad364dd9acfaaef***:9***b
^i did hide some letters ^

i also tried different Encoding for the TXT file such as ANSI , UTF-8
Thanks.

Hi there, I ran into a similar problem.  With the first two demo hashes, remove the prepended data carefully.

If I understand this, the first two hashes might be SHA1 with salt or not.  So make them like this:

8321515fd59efda4793e68ad364dd9acfaaef***
8321515fd59efda4793e68ad364dd9acfaaef***

Perhaps the salts were prepended there, and if that is the case, put in this format:

8321515fd59efda4793e68ad364dd9acfaaef***:9***b
8321515fd59efda4793e68ad364dd9acfaaef***:9***b

The last hash looks more reasonable, if it's a sha1($salt$plain):

8321515fd59efda4793e68ad364dd9acfaaef***:9***b

It doesn't matter if the apparent hex chars don't quite stack up.  Sometimes, the hashing scheme does not convert the hash to binary first, then output hex encoded salt.  So the salts here are very likely just plain text salts that look like hex encoded salts with a char missing, like this sha1("91a2b".$pass).

Put your hashes in this format, on the assumption it's sha1($salt$plain) with the salt as plain chars:

8321515fd59efda4793e68ad364dd9acfaaef***:9***b  (in a file, e.g. hashes.txt)

Now you can use hashcat mode 120 sha1($salt$plain):

hashcat -a 0 -m 120 [other-options] hashes.txt wordlist.txt -r rules/best64.rule

for example, where wordlist.txt is your selection of passwords, e.g. rockyou or something, and stick in a rule file if you don't get much without one.  Rule files are very powerful.

Hashcat is smart enough not to make assumptions, even though it looks like a bad hex encoded salt.  So leave out options to specify hex encoding and just crack as usual.

Hope this helps...