m 3800 with different starting and ending salts - how?
#1
There is a web-framework Yii, in which the password is hashed by the following algorithm:

Code:
md5( 'somekey' . $password . $email )

In the wiki, I found that option 3800 is best for brute force.
However, the hash example contains only one salt: 2e45c4b99396c6cb2db8bda0d3df669f:1234

How do I use different salts?

If I write in the hash-file 'somekey:19xxd6xx7exx1dxx0dxxc4xxccxx02xx:admin@*****.com', then I get the error message 'Token length exception'.
Reply
#2
mode 3800 only supports a single salt. You need to use mode 20 and create your attack in such a way that the email (second salt) is always appended to the actual candidate.
Reply
#3
Yes, with hash mode 20 everything worked out. I wrote down the email in a separate email.txt file and cracked the password with the following command:

Code:
hashcat64 -m 20 -a 1 pass.hash dict.txt email.txt

Thanks!
Reply