02-28-2019, 01:48 AM
So I am very new to the world of hashcat, but I have a couple of hashes I was hoping someone could help with. No real malicious intent involved here, just trying to use hacking to improve my computer skills / job prospects and get out of the dead end job I'm in. I have a couple of {x-issha, 1024} target hashes which I believe is structured as pass.salt. I am trying to crack what the salt value is in each hash because I have a feeling it maybe a fixed value rather than randomized value.
I maybe completely off base here and my question maybe stupid or make no sense. But here goes...
So I wanted to first try a wordlist against the salt value and then try an incremental brute force attack, but I'm not sure how to structure things.
For the first one, does anyone know how I combine my (pass) value which is an SHA1 hash of the clear text password, with my wordlist of possible salts? Is it something like this:
hashcat -m 10300 -a 1 /root/Desktop/targethash /root/Desktop/passwordinSHA1 /root/Desktop/PossibleSalts
For the second one, does anyone know how I can combine my SHA1 password with an incremental brute force attack against the salt? Would it be something like this:
hashcat -m 10300 -a 3 -i /root/Desktop/Hashcat/TargetHashes /root/Desktop/Hashcat/PasswordSHA1?l?l?l?l?l?l?l?l
Thanks, any help would be appreciated. Feel free to mock if nothing I have said makes even the most remote sense.
I maybe completely off base here and my question maybe stupid or make no sense. But here goes...
So I wanted to first try a wordlist against the salt value and then try an incremental brute force attack, but I'm not sure how to structure things.
For the first one, does anyone know how I combine my (pass) value which is an SHA1 hash of the clear text password, with my wordlist of possible salts? Is it something like this:
hashcat -m 10300 -a 1 /root/Desktop/targethash /root/Desktop/passwordinSHA1 /root/Desktop/PossibleSalts
For the second one, does anyone know how I can combine my SHA1 password with an incremental brute force attack against the salt? Would it be something like this:
hashcat -m 10300 -a 3 -i /root/Desktop/Hashcat/TargetHashes /root/Desktop/Hashcat/PasswordSHA1?l?l?l?l?l?l?l?l
Thanks, any help would be appreciated. Feel free to mock if nothing I have said makes even the most remote sense.