Posts: 8
Threads: 2
Joined: Apr 2020
04-18-2020, 12:42 PM
mail | crypted_password | salt
dp@gmail.com:848XXXc9e5baf34d6dba20XXX755f4984b6d77cc:725372XXX5e22195365fbf266cd3aXXX20f1c140
w@gmail.com:00XXXX759d68827b090c63dcXXX115361fd5dc0c:NULL
its sha1 i think i can't figure out
help
Posts: 2,267
Threads: 16
Joined: Feb 2013
The only way to know for sure is to have the source code (algorithm, or name and version of the platform, cms etc) that generated the hashes ... or to guess the algorithm by having at least one user for which you are 100% (one HUNDRED percent) sure about the password.
otherwise it's just a lame guessing game that could be impossible to solve (because there could be too many ways how the passwords could be hashed (like sha1 (sha1 ($s . sha1 ($s . $p) . $s) . $p) etc)
Posts: 8
Threads: 2
Joined: Apr 2020
i used this website
https://hashes.com/decrypt/basic/
e77d773f8aa5c12ef649d33e731fb58c66bee9e5:74e3c24fd83d92ea72383e9b3a4292bdfb8eb174
and
cracked this got
e77d773f8aa5c12ef649d33e731fb58c66bee9e5:37346533633234666438336439326561373233383365396233613432393262646662386562313734:7365637265743838:SHA1DASH
e77d773f8aa5c12ef649d33e731fb58c66bee9e5:74e3c24fd83d92ea72383e9b3a4292bdfb8eb174
ecret88
e77d773f8aa5c12ef649d33e731fb58c66bee9e5:74e3c24fd83d92ea72383e9b3a4292bdfb8eb174
ecret88:SHA1DASH
Posts: 8
Threads: 2
Joined: Apr 2020
SHA-1('--'.$salt.'--'.$pass.'--') it algo
Posts: 2,267
Threads: 16
Joined: Feb 2013
04-18-2020, 03:02 PM
(This post was last modified: 04-18-2020, 03:02 PM by philsmd.)
you are
NOT allowed to post hashes. read the forum rules. You will get banned by not following the rules.
As far as I understand, you are saying the algorithm is basically:
Code:
echo -n --74e3c24fd83d92ea72383e9b3a4292bdfb8eb174--secret88-- | sha1sum
so you must use -m 120 with a salt of "--74e3c24fd83d92ea72383e9b3a4292bdfb8eb174--" (without quotes):
where salt is --74e3c24fd83d92ea72383e9b3a4292bdfb8eb174--
furthermore you need to apply the rule: $- $-
i.e. the append rule function is used twice to add both of the dashes
append_two_dashes.txt:
Code:
hashcat -m 120 -r rules/best64.rule -r append_two_dashes.txt hashes_with_dashed_salts.txt rockyou.txt
Posts: 8
Threads: 2
Joined: Apr 2020
04-19-2020, 03:10 PM
sorry for hash thanks for the help
hashcat -m 120 -r rules/best64.rule --username -r append_two_dashes.txt hashes_with_dashed_salts.txt rockyou.txt
hashes_with_dashed_salts.txt=
a@gmail.com:848XXXc9e5baf34d6dba20XXX755f4984b6d77cc:74e3c24fd83d92ea72383e9b3a4292bdfb8exxxx
it's that correct?
and just one more help sorry for
(and am using gtx 1660 super but its giving me jus 8k-khs speed for md5 i used -w 3 update drivers still)
Posts: 2,267
Threads: 16
Joined: Feb 2013
no, the salt must be with the dashes:
a@gmail.com:848XXXc9e5baf34d6dba20XXX755f4984b6d77cc:--74e3c24fd83d92ea72383e9b3a4292bdfb8exxxx--
if you add users, you need to use --username to skip them.
for salted hashes the hash rate depends a lot on the number of salts.
It also depends on the number of rules and how huge your word list is. Normally, we would suggest to use -O too, but you might already be very close to the maximum length (55) if you combine salt and pass with optimized kernels (-O)... Therefore, it might not be worth the risk of not being able to crack the hashes (just because -O might fail because the combination is "too long").
Posts: 8
Threads: 2
Joined: Apr 2020
okay thankyou
for two dashes have to put it manually or "-r append_two_dashes.txt"
this is okay?
Posts: 2,267
Threads: 16
Joined: Feb 2013
6 dashes total = 2+2 (around salt) + 2 (after pass)
the rules only add 2 dashes, that's why I named the file append_two_dashes.txt
Posts: 8
Threads: 2
Joined: Apr 2020
04-19-2020, 04:38 PM
(This post was last modified: 04-19-2020, 04:41 PM by iamatx.)
so final this
a@gmail.com:--passhash:--salt--
or
a@gmail.com:--salt--:--passhash
.txt file ?
thankyou
