Total Noob hoping for some Hashcat help.
#1
So I am very new to the world of hashcat, but I have a couple of hashes I was hoping someone could help with. No real malicious intent involved here, just trying to use hacking to improve my computer skills / job prospects and get out of the dead end job I'm in. I have a couple of {x-issha, 1024} target hashes which I believe is structured as pass.salt. I am trying to crack what the salt value is in each hash because I have a feeling it maybe a fixed value rather than randomized value.

I maybe completely off base here and my question maybe stupid or make no sense. But here goes...


So I wanted to first try a wordlist against the salt value and then try an incremental brute force attack, but I'm not sure how to structure things.

For the first one, does anyone know how I combine my (pass) value which is an SHA1 hash of the clear text password, with my wordlist of possible salts? Is it something like this:

hashcat -m 10300 -a 1 /root/Desktop/targethash /root/Desktop/passwordinSHA1 /root/Desktop/PossibleSalts


For the second one, does anyone know how I can combine my SHA1 password with an incremental brute force attack against the salt? Would it be something like this:

hashcat -m 10300 -a 3 -i /root/Desktop/Hashcat/TargetHashes /root/Desktop/Hashcat/PasswordSHA1?l?l?l?l?l?l?l?l


Thanks, any help would be appreciated. Feel free to mock if nothing I have said makes even the most remote sense.
Reply
#2
This completely makes no sense. In -m 10300 the salt is part of the hash.
Reply