Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: Trying to understand what I'm doing. SHA1. sha1($pass.$salt)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
So I've been trying to use JTR to crack a text file I've created that contains the follow:
Code:
iamUser:3####7C7#C318F5####40#B####C42####AC##05E######26

username:hash

Now reading the Wiki is states:
Quote:Due to its architecture, only XXX($pass.$salt) algorithms can be implemented. Algorithms using the opposite XXX($salt.$pass) can not be implemented.

Now I'm guessing the username is the "salt" so to be able to use oclHashcat-lite I need to reverse the text file?

This is JTR output: salted SHA-1 [128/128 SSE2 intrinsics 8x]

I'm really lost so I'm trying to put things together. Sorry if this is a stupid question.

Thanks,
Beach
sha1(pass.salt) and sha1(salt.pass) are two different algorithms. if you need sha1(salt.pass) then you cannot use lite.

but if you have a hash in user:hash format, what leads you to believe it is a salted algorithm? are you sure the password is salted with the username? if so, are you positive the algorithm is sha1(pass.salt)?
Wow! Thanks for the quick response. I'm using this tutorial:
https://www.hackmac.org/tutorials/decrypt...passwords/ on a VM of my old computer.

The tutorial says JTR should report "Loaded 1 password hash (Mac OS X 10.4+ salted SHA1 [32/64]"
oh, osx 10.4 hashes, ok. so in that case, you will need to do a little work to use hashcat with this algorithm.

the algorithm is sha1(salt.pass), and the salt is a four-byte hex salt prepended to the hash string.

consider the example hash A320163F1E6DB42C3949F7E232888ACC7DB7A0A17E493DBA with a password of "test". the first eight characters are the salt, and the remaining 40 chars are the sha1 hash.

Code:
epixoip@db:~/hashcat-0.43$ printf "\xA3\x20\x16\x3Ftest" | sha1sum
1e6db42c3949f7e232888acc7db7a0a17e493dba

hashcat requires hashes to be in hashConfusedalt format, so you just take the first eight chars and move them to the end of the hash, separating it with a colon.

1E6DB42C3949F7E232888ACC7DB7A0A17E493DBA:A320163F

you can then use hashcat or pluscat to crack this hash using -m 120 --hex-salt. you will not be able to use litecat.

Code:
epixoip@db:~/hashcat-0.43$ echo 1E6DB42C3949F7E232888ACC7DB7A0A17E493DBA:A320163F >test
epixoip@db:~/hashcat-0.43$ ./hashcat-cli64.bin -m 120 --hex-salt test -a 3 test
actually i just realized you said you were using a vm, in that case you wouldn't be able to use litecat or pluscat anyway. you can only use hashcat.
(03-27-2013, 08:15 AM)epixoip Wrote: [ -> ]actually i just realized you said you were using a vm, in that case you wouldn't be able to use litecat or pluscat anyway. you can only use hashcat.

Before I sold my 10.4 machine I converted it into a VM. I have my desktop running OSX and Windows. I've just installed a drive to install Ubuntu on to. That machine has 2x GTX460 and a GTX670

(03-27-2013, 08:05 AM)epixoip Wrote: [ -> ]oh, osx 10.4 hashes, ok. so in that case, you will need to do a little work to use hashcat with this algorithm.

the algorithm is sha1(salt.pass), and the salt is a four-byte hex salt prepended to the hash string.

consider the example hash A320163F1E6DB42C3949F7E232888ACC7DB7A0A17E493DBA with a password of "test". the first eight characters are the salt, and the remaining 40 chars are the sha1 hash.

Code:
epixoip@db:~/hashcat-0.43$ printf "\xA3\x20\x16\x3Ftest" | sha1sum
1e6db42c3949f7e232888acc7db7a0a17e493dba

hashcat requires hashes to be in hashConfusedalt format, so you just take the first eight chars and move them to the end of the hash, separating it with a colon.

1E6DB42C3949F7E232888ACC7DB7A0A17E493DBA:A320163F

you can then use hashcat or pluscat to crack this hash using -m 120 --hex-salt. you will not be able to use litecat.

Code:
epixoip@db:~/hashcat-0.43$ echo 1E6DB42C3949F7E232888ACC7DB7A0A17E493DBA:A320163F >test
epixoip@db:~/hashcat-0.43$ ./hashcat-cli64.bin -m 120 --hex-salt test -a 3 test

Wow. Thanks a lot for all the help. I'll give this a try today and report back.