For what purpose? So I know which encryption is being used?
The encrypted password does start with $P$, which should be md5(wordpress) isntead of md5(phpbb3) like in the exame you placed in your post.
However, it seems multiple people (like Atom) say md5(phpbb3) is the same as md5(wordpress)
https://hashcat.net/forum/thread-948.html
Think like that:
normal md5(pass): Create a md5 hash from a string.
md5crypt(pass): create a md5 from the md5 from the md5 ... till you have done it 1000 times.
edit:
This:
$P$
$1$
$x$
are just prefixes created like this:#
crypt($password,'$1$'.$hash.'$');
After that comes a salt and the md5 or just the md5.
If they use diferrent prefixes but the same hash algo it doesn` t matter if hashcat cuts both prefixes in one function.
Hmm I see I see
But that does mean I'm on the right track with my current command, right?
Once again, thanks a lot for taking the time to explain all this to me!
(12-21-2012, 07:09 PM)Kandeen Wrote: [ -> ]Hmm I see I see
But that does mean I'm on the right track with my current command, right?
Once again, thanks a lot for taking the time to explain all this to me!
Yes, your command line is fine. The algorithm is meant to be slow so that it's more trouble for crackers. Moreover you are using the CPU and not the GPU. If you do simple dictionary attack, it might finish relatively fast but as soon as you add rules, it becomes much slower.
I would not even try it with the cpu version. Even the simple dictionary attack with a let` s say 5gb dictionary tooks days with some thousands generated hashes per second if I remember correct.
Everething else takes month to years. As commented by master, rule based attacks or toogle case and combinators etc.
If you really have to mess around with this kind of endless iterated hashes use the gpu.
Alright guys, thanks a lot!
I'll keep you updated if you want.
I really appreciate your support!