How does one crack Pbkdf2 w/hashcat?
#1
Hello cats,

I have to recover hashes, hashed with this algorithm:
https://searchcode.com/codesearch/view/15603014/

Hond, 14[redacted]03, $p5v2$AcnbOh0MY$qREO3rp[redacted]RAzN4Mg1T4cAvP

PHP Code:
  protected $_algo = 'sha256';

       // PKCS #5, version 2

       // Python implementation uses $p5k2$, but we're not using a compatible
       // string. https://www.dlitz.net/software/python-pbkdf2/
       $output = '$p5v2$';


How would I crack hashes like $p5v2$AcnbOh0MY$qREO3rp[redacted]RAzN4Mg1T4cAvP with the stable hashcat version?

Thanks,
Hond
Reply
#2
well, you should at least tell us the password, otherwise it's both against the forum rules and impossible for us to know how to test / verify it.

I would say that looking at the code here https://github.com/rchouinard/phpass/blo...se.php#L51 and the base64 table here https://github.com/rchouinard/phpass/blo...se.php#L51

it should be some conversion along the lines of this script (not verified, because I have no example hash with which I could test this conversion to -m 10900 = PBKDF2-HMAC-SHA256):

update: improved version of the script posted below

again this PHP code is untested and could need some slight modification
furthermore you should tell us the password ASAP otherwise we would need to ban you
Reply
#3
I do not have the full password anymore, it's probably something like [redacted]
The codebase is currently being restored from the HDD by a specialized company. I do know this: we implemented the PHPAss class before those changes:

https://github.com/rchouinard/phpass/com...c7fc21ff49
Reply
#4
I just did clone the repository and checked out the version that you linked in your first post:
Code:
git clone https://github.com/rchouinard/phpass
cd phpass/
git checkout 121233fb49db4d929de17187f5c18351f647d0eb
cd library/

after that you can generate some hashes like this:
PHP Code:
<?php
require ('Phpass.php');

$adapter = new \Phpass\Hash\Adapter\Pbkdf2 ();

echo $adapter->crypt ("hashcat", '$p5v2$AlBIznIq2$') . "\n";

with this script I've generated this hash:
Code:
$p5v2$AlBIznIq2$OKziCyTibu0A6WPEgbUlEpRwa64gdr7L
the password is hashcat

with this improved version of my previously posted script we can convert this hash to a hash format supported by hashcat:
PHP Code:
<?php

# $p5v2$AlBIznIq2$OKziCyTibu0A6WPEgbUlEpRwa64gdr7L => sha256:4096:bEJJem5JcTI=:mvW7jv+5py4wiLhB7AnGUN3xJmKw6Z1c

// Author: philsmd
// Date: June 2019
// License: public domain, credits go to philsmd and hashcat

$base64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

function convert_base64 ($input)
{
  global $base64;
  global $itoa64;

  $input_len = strlen ($input);

  // the phpass digest is encoded in groups of 4 characters
  if (($input_len % 4) != 0)
  {
    return "";
  }

  $input_len_div4 = (int) ($input_len / 4);

  // reverse each group of 4 characters
  $reverse = "";

  for ($i = 0; $i < $input_len_div4; $i++)
  {
    $reverse .= strrev (substr ($input, $i * 4, 4));
  }

  // translate from the itoa64 alphabet to the standard base64 alphabet
  $tmp = "";

  for ($i = 0; $i < $input_len; $i++)
  {
    $idx = strpos ($itoa64, $reverse[$i]);

    $tmp .= substr ($base64, $idx, 1);
  }

  $decoded = base64_decode ($tmp);

  // reverse each group of 3 decoded bytes
  $tmp = "";

  for ($i = 0; $i < $input_len_div4; $i++)
  {
    $tmp .= strrev (substr ($decoded, $i * 3, 3));
  }

  $output = base64_encode ($tmp);

  return $output;
}

#
# Start
#

$phpass_hash = '$p5v2$AlBIznIq2$OKziCyTibu0A6WPEgbUlEpRwa64gdr7L';

// the character after the signature encodes the iteration count as a power of 2
$cost_factor = substr ($phpass_hash, 6, 1);

$idx = strpos ($itoa64, $cost_factor);

$iterations = pow (2, $idx);

$salt   = base64_encode (substr ($phpass_hash, 7, 8));
$digest = convert_base64 (substr ($phpass_hash, 16));

echo "sha256:$iterations:$salt:$digest\n";

as expected from the hash
$p5v2$AlBIznIq2$OKziCyTibu0A6WPEgbUlEpRwa64gdr7L we get the following output:

sha256:4096:bEJJem5JcTI=:mvW7jv+5py4wiLhB7AnGUN3xJmKw6Z1c

which can be cracked with -m 10900 with password "hashcat" (without quotes)


not sure about your hash, if you aren't sure about the password that's very bad (both for testing purposes but also because it is against the forum rules)

it's needless to say that you need to modify the script and especially the $phpass_hash variable to use it with other hashes than this "hashcat" hash
Reply
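Added example, not part of the original thread or of phpass/hashcat: a Python check of the conversion in post #4 against its test hash and known password. It decodes the itoa64 digest directly as little-endian 24-bit groups, which is equivalent to the reverse/translate/reverse steps in the PHP script; the function names are hypothetical, and the 8-character raw salt and digest-length key size are taken from that script and its sample output.

```python
import base64
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def decode_itoa64(text):
    """Decode phpass-style base64: each 4-char group is a little-endian 24-bit value."""
    if len(text) % 4 != 0:
        raise ValueError("digest length must be a multiple of 4")
    out = bytearray()
    for pos in range(0, len(text), 4):
        value = 0
        for shift, char in enumerate(text[pos:pos + 4]):
            idx = ITOA64.find(char)
            if idx < 0:
                raise ValueError(f"character {char!r} is not in the itoa64 alphabet")
            value |= idx << (6 * shift)
        out += value.to_bytes(3, "little")
    return bytes(out)


def parse_p5v2(phpass_hash):
    """Split '$p5v2$<cost><8-char salt>$<digest>' into (iterations, salt, digest bytes)."""
    if not phpass_hash.startswith("$p5v2$") or len(phpass_hash) < 17 or phpass_hash[15] != "$":
        raise ValueError("not a $p5v2$ hash")
    cost = ITOA64.find(phpass_hash[6])
    if cost < 0:
        raise ValueError("invalid cost character")
    return 2 ** cost, phpass_hash[7:15].encode("ascii"), decode_itoa64(phpass_hash[16:])


def to_hashcat_10900(phpass_hash):
    """Build the sha256:<iterations>:<base64 salt>:<base64 digest> line for -m 10900."""
    iterations, salt, digest = parse_p5v2(phpass_hash)
    b64 = lambda raw: base64.b64encode(raw).decode("ascii")
    return f"sha256:{iterations}:{b64(salt)}:{b64(digest)}"


def verify(phpass_hash, password):
    """Recompute PBKDF2-HMAC-SHA256 and compare in constant time."""
    iterations, salt, digest = parse_p5v2(phpass_hash)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, len(digest))
    return hmac.compare_digest(derived, digest)


if __name__ == "__main__":
    sample = "$p5v2$AlBIznIq2$OKziCyTibu0A6WPEgbUlEpRwa64gdr7L"  # test hash from post #4
    print(to_hashcat_10900(sample), verify(sample, "hashcat"))
```

Running `verify` on a freshly generated test hash with a known password confirms that the field offsets and the digest decoding are right before the converted line is handed to hashcat.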
#5
Thank you so much, I can work with this.
Do you have a btc address on which you'd like a donation?
Reply
#6
nope. but please do me a favor and do not ignore/disregard the forum rules next time (e.g. posting hashes), they can be read here: https://hashcat.net/forum/announcement-2.html

masking the hash would probably be enough... but it would be even more clever to just mention your problem and ask if somebody wants or can generate a hash with a specific known password (for such cases of unknown algorithm or not matching hash and pass)
Reply
#7
Noted! I've censored the hash.
Working: thank you!
Reply