Unable to crack SSH private key SSHNG
#1
Hi,

I'm trying to crack the ssh private key hash but I can't figure out the mode the hash function uses. I don't even know if hashcat is able to crack this "sshng" hash type. Using the latest hashcat, I tried different modes such as md5, sha1 --> sha256, all with no luck. I know the password and it has 6 characters in it. Is it limited to john the ripper only? Is it something that john the ripper can do but not hashcat? If it's true, then I'm very sad and quite disappointed.

hashcat64.exe -a 3 -mXXXX --username id_rsa.txt ?l?l?l?d?d?d -o cracked.txt

here's the hash & the corresponding password

id_rsa:$sshng$1$16$1FB724D44CB632200663D1889A154265$1200$cf46f6ac4e4a7f5c293c2dd46743feb518d578fa7ad270c10b6c283c2c9ad739c1def07aa573305195251c4968b237255832689e2bc27e59aac23246346b0395019e30279eca7fe3f9c4bec8c538e859877d9d470c3383f5f339a0cafd122dced4ee8e2f36d624042bdd34346fc461e5258782c86a79d2c8b698fe26eede963e935a3303d45f96b9a1b9de45f7a92e7467be4c728032cd7dfe376c0aa7c91f8bd0af5a536ce6b463c41918b0fa806d5e353409ad8c19d68847876d3f58d5d9af5e32deeedcd45541d99a82bdc03741eb7b46a0cc38ad604a99a5971319183b549bb7d605cfc24c02882c46e6bc54b7cca6cef42a82632377feebdf23f55e02273807c540852a92f0fda0560f6c2384d6d0efdc2b524a1c71e8bd50379cad64a031e653691ac3de4e3b17972552a25e101b4831e348d5d0a22b435a26567965082f793066da08bf84cd7614be17e299acd9bc339beb235531ffb32fe5c2131fef873c5ac07355120dc72602450a4bf27f36bd192ae5e12035d48xxxx9ee80d4dc7b6b5baf9e956ad51b575a878f613bebb662aaad21fa481842df6d0fa9a4b01869211dcecfe69c875655a1b3544f856a7efde67b735c3c32f6efd5819a82164b81369dd9f3500b061a5a97c47d7f67d2281927ffd1b3995c2b30cb11bce768b8358057d924165ac1289dbc6e50a69ec45beadbca292ede1b97513b2bd038c1caa3f0f36919219941f05c4ab89ab8fae8ae08aca64ddbad1046edb9115dbdbbfb060d59de7d0a5bd5b089daac3bc1304915807df12847f1323e65dcb7bafd60c63f0d2df1f7b17915c6f3367ac904521478cc26b4b91dd545e8ea31395357649d28ec7f3fa80b9cad3ef031f5993b56dca2f9b48ebadd317b48068cf8c486e08539df2c897a8194dd60202651d5f482db5e1c46605ece44c84a8608c57021bce3e5f27d56907696e97b92dab13a5c387c24fee91253585502e39804684c4696c9ee7521e4301e421944aa46d738122a1827ce2fa96641337364c2c4341bce841354664830c4dafe1f8da736694534de158acff6534467939b6ca4e66737d4f881711da6e962b9907fb99e3b11360797d446b811a1e95ea49402b8e


password(Key) - asd123

The error
Hashfile 'id_rsa.txt' on line 1 (id_rsa...b11360797d446b811a1e95ea49402b8e): Signature unmatched

No hashes loaded.


Thank you
#2
Hi.
Are you serious?! Why would you run hashcat in md5/sha1/... mode for a hash so clearly NOT md5/sha1/.... ?!?
These modes have a name for a reason. You are supposed to use md5 mode with md5 hashes. Just md5 hashes!
You can't just mix and match and e.g. hope to crack a bcrypt hash in sha1 mode. LOL.

Have you tried mode 22931?
Sure looks like it could fit your hash.
Next time compare your hash to these: https://hashcat.net/wiki/doku.php?id=example_hashes
to find the right mode.
And while you're at it, maybe have another look at the wiki, just so you understand what you are actually doing.
Oh, and be careful with posting hashes. People around here don't take kindly to that sorta thing.
#3
(01-23-2021, 01:04 AM)the_charm Wrote: Hi.
Are you serious?! Why would you run hashcat in md5/sha1/... mode for a hash so clearly NOT md5/sha1/.... ?!?
These modes have a name for a reason. You are supposed to use md5 mode with md5 hashes. Just md5 hashes!
You can't just mix and match and e.g. hope to crack a bcrypt hash in sha1 mode. LOL.

Have you tried mode 22931?
Sure looks like it could fit your hash.
Next time compare your hash to these: https://hashcat.net/wiki/doku.php?id=example_hashes
to find the right mode.
And while you're at it, maybe have another look at the wiki, just so you understand what you are actually doing.
Oh, and be careful with posting hashes. People around here don't take kindly to that sorta thing.

Oh come on dude, didn't I say that I couldn't figure out the mode? Let me quote that once again..
"I'm trying to crack the ssh private key hash but I can't figure out the mode the hash function uses. I don't even know if hashcat is able to crack this "sshng" hash type."
Like I said, I don't know the mode hashcat needs for the sshng hash type (not even sure that hashcat can do this), so I'm asking a simple question as I'm curious & want to know if hashcat can do that, but you seemed a legend of sarcasm.

Don't worry about the hash posted here. It's just a sample (I know the key) I'm trying to figure out using the hashcat. I know the consequences of posting the original ssh key hash. Please don't refer me to the link (https://hashcat.net/wiki/doku.php?id=example_hashes). I have been using this link since 2010 & I'm very well aware of that. Do you know if hashcat can do it or do I have to go back to the old school john the ripper?


Yes, I have tried 22911, 22921, 22931, 22941, and 22951 with no luck. 

The error
hashcat (v6.1.1) starting...

Cannot load module ./modules/module_22911.dll

In a previous version of hashcat it says Unknown hash type no hash loaded.

Anyway thanks for the quick response
#4
While the_charm's response didn't sound very friendly, it's entirely on point.

Going to https://hashcat.net/wiki/doku.php?id=example_hashes and searching for "ssh" on that page will quickly answer your question. Just as doing a "hashcat -h | grep -i ssh" would. the_charm even provided you with the correct hash mode.

Please read the forum rules and don't post hashes. Especially not if you don't post the corresponding password.
#5
(01-23-2021, 09:45 PM)undeath Wrote: While the_charm's response didn't sound very friendly, it's entirely on point.

Going to https://hashcat.net/wiki/doku.php?id=example_hashes and searching for "ssh" on that page will quickly answer your question. Just as doing a "hashcat -h | grep -i ssh" would. the_charm even provided you with the correct hash mode.

Please read the forum rules and don't post hashes. Especially not if you don't post the corresponding password.

Here's what I have tried so far with the link (I did that before creating this thread).

22911, 22921, 22931, 22941, and 22951 (including all the other hash modes)


The error
hashcat (v6.1.1) starting...

Cannot load module ./modules/module_22911.dll

In a previous version of hashcat it says Unknown hash type no hash loaded.

Edited:
Will include the password in the thread as well. Thanks for reminding.
#6
"Cannot load module" sounds like you did not correctly extract the archive. I suppose "hashcat -m <mode> -b" doesn't work either?

edit: support for ssh keyfiles was added after the 6.1.1 release. You have to use the beta version: https://hashcat.net/beta/
#7
(01-23-2021, 10:04 PM)undeath Wrote: "Cannot load module" sounds like you did not correctly extract the archive. I suppose "hashcat -m <mode> -b" doesn't work either?

edit: support for ssh keyfiles was added after the 6.1.1 release. You have to use the beta version: https://hashcat.net/beta/

No, "hashcat -m <mode> -b" works pretty well.

But the cracking still fails with every mode from 22911 to 22951
Hashfile 'id_rsa.txt' on line 1 (id_rsa...b11360797d446b811a1e95ea49402b8e): Token encoding exception

No hashes loaded.


Is it something with the hash?

Edit: I have downloaded the beta version 6.1.1 (did that twice with this link https://hashcat.net/beta/) & I know that I have extracted it correctly but the impression is the same as it was earlier.
#8
Your hash is broken. It's too short. The end is missing.
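The diagnosis in post #8 can be checked mechanically before a line is handed to hashcat. The following is an added example, not part of the thread and not hashcat or John the Ripper code; it assumes the field layout visible in the sample from post #1, `$sshng$<cipher>$<salt bytes>$<salt hex>$<data bytes>$<data hex>`, and the function name and sample lines are constructed for illustration.

```python
import re

NON_HEX = re.compile(r"[^0-9a-fA-F]")

def check_sshng(line):
    """Return a list of problems in one $sshng$ line (empty list = consistent)."""
    line = line.strip()
    # Drop an optional "filename:" prefix (the part --username skips).
    if not line.startswith("$sshng$"):
        _, sep, rest = line.partition(":")
        if not sep or not rest.startswith("$sshng$"):
            return ["no $sshng$ signature"]
        line = rest
    fields = line.split("$")[2:]  # skip the leading '' and 'sshng'
    if len(fields) < 5:
        return ["expected at least 5 fields, found %d" % len(fields)]
    # Assumed layout: cipher id, salt length, salt, data length, data.
    _cipher, salt_len, salt, data_len, data = fields[:5]
    problems = []
    for name, declared, blob in (("salt", salt_len, salt), ("data", data_len, data)):
        if not declared.isdigit():
            problems.append("%s: length field %r is not a number" % (name, declared))
            continue
        bad = NON_HEX.search(blob)
        if bad:
            problems.append("%s: non-hex character %r at offset %d"
                            % (name, bad.group(), bad.start()))
        want = 2 * int(declared)  # declared length is in bytes, blob is hex
        if len(blob) != want:
            problems.append("%s: declared %s bytes = %d hex digits, found %d"
                            % (name, declared, want, len(blob)))
    return problems

# Constructed sample lines (not real key material).
GOOD = "id_rsa:$sshng$1$16$00112233445566778899AABBCCDDEEFF$8$0123456789abcdef"
TRUNCATED = GOOD[:-6]                       # end of the data field missing
CORRUPT = GOOD[:-8] + "xxxx" + GOOD[-4:]    # placeholder characters inside the data

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("truncated", TRUNCATED), ("corrupt", CORRUPT)):
        print(label, check_sshng(sample) or "ok")
```

A line that comes straight out of the key-conversion script passes both checks; one that was cut short or edited by hand before pasting fails the length or hex check.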
#9
hey.
thanks undeath for identifying the problem.
so, i'm just here because i wanted to say sorry that my previous post sounded a little grumpy.
mixing&matching modes just sounded absolutely ridiculous to me.
and so then -in my mind- i guess i just threw you in the same bucket with the other people who come here and expect us to "hack their snapchat accounts".
(just had such a case yesterday or the day before)
it's like, "why can't people at least try to understand what hashcat actually does before posting utter nonsense?!"
well, and that is basically the place from which my first post came...

BTW. if i ever achieve a custom rank on this forum, i definitely want it to be "legend of sarcasm" :D