04-14-2020, 10:53 AM
Hi,
boys and girls,
females and male,
men and women,
I have a question.
I have this MD5 hash. I know how "it was hashed", but i cant seem to wrap around, how to crack it.
You see, i know how it was, in its unhashed state. System, you may call it that, is "20200414073337+secret+user", where the "+" is obv. Signalling fx, that secret could be "123" and user "Jessie". Then it would be "20200414073337123Jessie".
Though i know the variable user and the numbers prepending, which is a timestamp, its obv. That i would want to crack the "secret", to reveal its unhashed state. I have tried to make a small handy dandy python script, to collect some 20 wordlists, and fetch them together, in the so called "system" format, i call it. I've then tried to crack the hash, via dictionary attack by using the 1GB wordlist i've made, but no results so far. I've thought about using "rules", but the thing is, that obv. The rules only should apply to "secret". So what i'd want, is to have a wordlist, without "system" format, where it hasnt prependet timestamp and appendet user, then get hashcat to apply the rules onto the "secret", the current "word" in the wordlist, and THEN append/preppend the "system format". But i cant figure out, how i'd do that.
For those asking, it is for a session token dealing, where i'd bassicly have to crack the hash, the session token, before i can go on further, in this "pentest", if you'd call that.
So, may i ask, if you could help me?
Perhaps you may have a better solution?
Anyways, looking forward to hearing back from ya!
(PS. Sorry for my horrible way of English. It's anyways not my main langĀ )
(PPS. This is btw my first post on the hashcat forum, so appoligies for horrible formatting, explaining problem etc)
boys and girls,
females and male,
men and women,
I have a question.
I have this MD5 hash. I know how "it was hashed", but i cant seem to wrap around, how to crack it.
You see, i know how it was, in its unhashed state. System, you may call it that, is "20200414073337+secret+user", where the "+" is obv. Signalling fx, that secret could be "123" and user "Jessie". Then it would be "20200414073337123Jessie".
Though i know the variable user and the numbers prepending, which is a timestamp, its obv. That i would want to crack the "secret", to reveal its unhashed state. I have tried to make a small handy dandy python script, to collect some 20 wordlists, and fetch them together, in the so called "system" format, i call it. I've then tried to crack the hash, via dictionary attack by using the 1GB wordlist i've made, but no results so far. I've thought about using "rules", but the thing is, that obv. The rules only should apply to "secret". So what i'd want, is to have a wordlist, without "system" format, where it hasnt prependet timestamp and appendet user, then get hashcat to apply the rules onto the "secret", the current "word" in the wordlist, and THEN append/preppend the "system format". But i cant figure out, how i'd do that.
For those asking, it is for a session token dealing, where i'd bassicly have to crack the hash, the session token, before i can go on further, in this "pentest", if you'd call that.
So, may i ask, if you could help me?
Perhaps you may have a better solution?
Anyways, looking forward to hearing back from ya!
(PS. Sorry for my horrible way of English. It's anyways not my main langĀ )
(PPS. This is btw my first post on the hashcat forum, so appoligies for horrible formatting, explaining problem etc)