GHash
#1
From what I can tell, hashcat does not have a module for G-Hash-32. Does anyone know of a program than can encrypt (e.g. for use in a known plain text attack) or crack G-Hash-32 hashes? I am trying (with permission) to crack password hashes from an IBM 4690 OS version 6 enhanced. Based on parsing the adxcsouf.dat file, it appears that this OS has switched from using adxcrypt or sha1 to G-Hash-32
Reply
#2
what is G-Hash-32?
Reply
#3
(08-07-2018, 11:42 PM)undeath Wrote: what is G-Hash-32?

The format of the password file appears to be a space / tab delimited  list of numerical user ID followed by an eight digit numerical hash. All hashes are in the mask format ?d?d?d?d?d?d?d?d
 
I was able to get access to a test users in order to compare known and cipher text passwords.
 
Known plain text = 30
Cipher text =43891846
 
Known plain text = 31
Cipher text =43691826
 
Known plain text = 32
Cipher text = 43391806
 
When I initially feed the cipher text to Blackploit’s Hash_ID.py (v1.1) it suggested GHash-32-5 and GHash-32-3 as possible hash formats.
 
Thanks for the link to Nitrxgen  http://www.nitrxgen.net/hashgen/. It looks like a very usueful tool. Based on my known inputs the hashes don’t match Ghash v3 or Ghash v5.
 
I found a file hashing tool (http://rehash.sourceforge.net/rehash.html) that seems to support GHash-32-3, GHash-32-5. I tried setting a file’s contents to “32” and calculating the ghash of the file with rehash. The result was different than Nitrxgen and didn’t match the cipher text.
 
At this point I’m not sure if the hash really is ghash or not. I am going to play with the numbers in Mathematica a bit to see what I can come up with.
Reply
#4
Don't blindly trust "hash identificators". They just wildly guess. In cases of raw hashes it's an impossible job. If you want to find the correct hash algorithm read documentation or reverse engineer the software.
Reply
#5
> The format of the password file appears to be a space / tab delimited list of numerical user ID followed by an eight digit numerical hash.

Are the different numerical user IDs separated from each other via newlines?
Reply