Cracking SHA1(linkedin)

[whabikhazri]

Hey everybody !
Is there a way to crack sha1(Linkedin) on the new hashcat release ?! i can't find the oclhashcat to crack my hashes !
Thanks guys !

[royce]

There is nothing unusual about the 2012-era LinkedIn SHA1 hashes - they're generic raw SHA1.

There is only one version of hashcat now - does OpenCL or CUDA (but at least one is required, for either CPU or GPU).

[whabikhazri]

Thanks for the reply dude ! but usin generic sha1 "-a 100" or any other iteration doesnt crack my hashes thaught maybe if i used the specefic Sha1 Linkedin it will solve my problem ! Ps: my hashes are from the 2012 era

[philsmd]

not exactly true royce, it was once implemented as a separate kernel because of some special handling:
see https://hashcat.net/forum/thread-6354.html
and https://github.com/hashcat/hashcat/commi...86740c80ae

but this was already removed back in 2016 (as the git commit history also correctly shows us)... so removed ages ago, not just in last update

[royce]

Lol -and apparently I used to know this (2017) ... and totally forgot! Thanks, philsmd!

[whabikhazri]

So i guess there are no plans to restore the - 190 anytime soon ! is there a way to get an old realease <3.0 so i can crack my hashes ? Thanks for your time

[philsmd]

you could use hashcat-legacy with your CPU from https://hashcat.net/files/hashcat-2.00.7z (deprecated, not supported anymore)  update: it seems that hashcat-legacy never supported -m 190... or just implement the change in a separate clone of the hashcat repository:

https://github.com/hashcat/hashcat/blob/...a3.cl#L270
in all kernel files (a0, a1, a3).

Don't forget to remove the kernel cache directory kernels/ , otherwise your kernel changes wouldn't be loaded.

---

update: this is actually the old version I meant: https://web.archive.org/web/201606220055...clhashcat/ , https://hashcat.net/files/cudaHashcat-2.01.7z (CUDA NVIDIA), https://hashcat.net/files/oclHashcat-2.01.7z (OpenCL AMD), but of course there is no guarantee that these work on modern hardware and of course they are also not supported anymore by the dev team, nor maintained. so only use them at your own risk. It's probably better to just use latest version and add the change I pointed out above (+ kernel cache removal).

[whabikhazri]

Thanks a lot Phill ! i'll try the old cuda release and the i'll add the changes if it doesn't work ! posting results after !

[mailmuncher2000]

It seems like hashcat v6.1.1 is still using the masked hash logic for SHA1 (-m 100 ) which should probably be marked as bug. That is to say that hashcat seems to be ignoring the first 5 nibbles of the SHA1 hash while checking (potential bug?)

SHA1(testing123) = 4c0d2b951ffabd6f9a10489dc40fc356ec1d26d5

But hashcat will find this hash for testing123:

hashcat -m 100 -a3 00000b951ffabd6f9a10489dc40fc356ec1d26d5 testing?d?d?d
00000b951ffabd6f9a10489dc40fc356ec1d26d5:testing123


Please can someone report this as a bug? Unless it is considered a feature?

[royce]

I don't know about it's official bug/feature status, but I can say that with all remaining bits being identical, the likelihood of any given hash being anything other than an accidental or deliberate alteration of the "true" hash is very low. One could argue that it probably shouldn't be -m 100, though, and instead its own mode.