Posts: 15
Threads: 9
Joined: Apr 2018
03-19-2020, 03:18 PM
Hi,
I have the following and would like firstly how to confirm what it is and secondly the mode to use in hashcat.
The Salt and Password have come from a MSSQL Server 2016 database.
(added X's only to obscure)
Salt - 32 characters
AX2486X10A7D87172X6759366F0FB0XF
Password:
4KX5aETqOLGXYtFfC+ImI9sjVnU=
I thought the password might be base64encoded but throws junk when converted back to plain text that way.
I've used online identity tools as well as hashident. Is there any other way or even a native hashcat discovery of hash type I'm not aware of?
Posts: 2,267
Threads: 16
Joined: Feb 2013
Could be anything. Do you know the software / CMS / code that generates these hashes ?
I assume it's not the MSSQL software itself ? is it some custom software / webpage ?
You need to be more specific what you are talking about and how these hashes are generated
Posts: 196
Threads: 0
Joined: Nov 2017
First step is to have a test password that you know so you can test your hypothesis.
Mine is: The password base-64 decodes to 160 bit of data, the same length as a SHA1 hash. The salt looks like hex chars. If you know the correct password you can test the scenario's sha1(dehex(salt) + base-64-decode(password)), sha1(base-64-decode(password) + dehex(salt)), sha1(salt + base-64-decode(password)), sha1(base-64-decode(password) + salt), sha1(sha1(dehex(salt) + base-64-decode(password))), etc.
Once you know that you can find the mode to use.
Posts: 15
Threads: 9
Joined: Apr 2018
Thanks for your response. I wish i could be more specific, I'm doing a pentest for a client and managed to find an injection point that subsequently allwoed me to dump the columns of the backed db and find a set of passwords and salts.
I know the fronend login uses ASP.net and its a windows server 2016 but a part from that nothign else is there.
Its one of those back end portals that doesnt have any other web pages availabel except for a login prompt.
Its custom built too but not sure of anything else by looking at it built on asp.net.
Still searching for more info now.
Posts: 15
Threads: 9
Joined: Apr 2018
(03-19-2020, 04:14 PM)DanielG Wrote: First step is to have a test password that you know so you can test your hypothesis.
Mine is: The password base-64 decodes to 160 bit of data, the same length as a SHA1 hash. The salt looks like hex chars. If you know the correct password you can test the scenario's sha1(dehex(salt) + base-64-decode(password)), sha1(base-64-decode(password) + dehex(salt)), sha1(salt + base-64-decode(password)), sha1(base-64-decode(password) + salt), sha1(sha1(dehex(salt) + base-64-decode(password))), etc.
Once you know that you can find the mode to use.
Nice idea, i cant do that in my situation unfortunately. I'm doing a BlackBox website test so have no information or ability to do what you are suggesting.