hashcat Forum Support hashcat v
Bruteforce partial HASH SHA1

Thread Closed 
Threaded Mode
Bruteforce partial HASH SHA1
Stown Offline
Junior Member
**
Posts: 2
Threads: 1
Joined: Sep 2018
#1
09-08-2018, 03:53 AM
hello!
Please advice, i want to find binary password that will produce specific bytes of SHA1 hash
Where to change code in .CL modules to allow compare only first 8 bytes of SHA1 hash?

for example

running hashcat -m 100 -a 3 my.hash ?b?b?b?b?b
i have my.hash with
1122334455667788A1A2A3A4A5A6A7A812345678
and i want to find all 5-byte passwords where  hash will match first 8 bytes of hash
i.e. SHA1(pw5bytes) == [1122334455667788]

Thanks for helping.
Find
atom Offline
Administrator
*******
Posts: 5,185
Threads: 230
Joined: Apr 2010
#2
09-08-2018, 10:59 AM (This post was last modified: 09-08-2018, 11:00 AM by atom.)
This is not support by default with hashcat, but it's pretty easy to hack hashcat to do it. 

I've attached a diff to do so. Make sure to clean old objects and cached kernels, too.

Quote:$ make clean
$ rm -rf kernels
$ git reset --hard
$ git checkout 477216ccdbc5fb9600a5092c269abebf4156b6b5
$ git apply git_apply.txt
$ make

After modifications the original password should, by design, still crack it:

Quote:$ echo -n password |sha1sum 
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8  -
$ cat > hash
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
$ ./hashcat -m 100 hash -O -a 3 -w 3 password --potfile-disable --self-test-disable --quiet
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8:password

So if this works you're ready to run:

Quote:$ ./hashcat -m 100 hash -O -a 3 -w 3 ?b?b?b?b?b --potfile-disable --self-test-disable 

Since the keyspace (2^40) of your mask is below the hash output size (2^64) there's no guarantee you will find a collision, except if the hash was actually created with a 2^40 password.

Also note that the modification for the kernel was only made for optimized -m 100 kernel in brute-force mode for single hashes. If you need other attack-modes etc you have to patch them as well.


Attached Files
.txt   git_apply.txt (Size: 2.07 KB / Downloads: 215)
Website Find
Stown Offline
Junior Member
**
Posts: 2
Threads: 1
Joined: Sep 2018
#3
09-08-2018, 02:04 PM
Hi!
Thanks a lot, seems working. Yes, hash created exactly from 40 bits.
Even without touching interface.c (is important to place all 4 parts of digest?)
And, please, another question, how to modify to get all possible collisions in keyspase 2^40 ? to not break at first one.
Cause is in example above it found first resut and stops immediately.
Find
undeath Offline
Sneaky Bastard
******
Posts: 2,301
Threads: 11
Joined: Jul 2010
#4
09-08-2018, 03:44 PM
use --keep-guessing
Find
Thread Closed