--So scared of radix and his ban hammer that I have spent hours researching this --
I recently used Usercake to create a login system in PHP. After playing about with hashcat and trying to get it to work, I realized that I was trying to crack MD5 when it is actually SHA1.
So I tried changing it about and researched and realized that a salt and the first 9 chars i.e. hash
alt.
Every time I try any combination (think I have gone through them all in ocl) I keep getting invalid string. Checking it out the hash length is 65 chars in length.
Now am I right in thinking that there is a limit on the length, or am I just doing something majorly wrong?
For those situations where you don't know how to feed *Hashcat w/ your hashes, there is a well-known wiki page that explains the formats:
https://hashcat.net/wiki/doku.php?id=example_hashes
Most important thing is you shouldn't guess what your hash format is, but you should either:
1. know it (because you said that you "create a login system in PHP")
2. look it up (e.g.
https://usercake.com/docs.php )
The page says:
"UserCake uses a salt along with an SHA1 hash to encrypt passwords. The salt is 25 characters in length. This can be increased to 32 characters"
So if I got the math correct: 40 (sha1) + 25 (salt) == 65
You just need to identify which part is which (salt @ end or beginning) and which hash mode it uses:
-m 110
-m 120
or the unicode variants.
Again you shouldn't guess... if you designed it or "created the login system"... you should be able to look up the code and see if the salt is used at the beginning or end etc...
Note also, I have no clue about the Usercake framework, but a single google search helped to get all the algo information etc.
At the end you would feed *hashcat w/
hash
alt
(note the colon in between the 2).
(02-19-2014, 01:33 PM)philsmd Wrote: [ -> ]The page says:
"UserCake uses a salt along with an SHA1 hash to encrypt passwords. The salt is 25 characters in length. This can be increased to 32 characters"
Yea it was that google that made me realize it wasn't md5 but Sha1, boy was I red faced,
thanks for the reply I will get on it now and see how I go
Furthermore...
I don't know if this is the correct repository (or at least an up-to-date fork), but the code is here (
https://github.com/berkus/usercake/blob/...cs.php#L81 ):
$salt . sha1($salt . $plainText);
This implies that the output format is $salt concatenated w/ the hash, which was generated as sha1 ($salt.$pass).
Therefore, the salt is at the beginning (25 chars), then comes the hash.
You just need to edit the format *from*:
$salt.$hash
into
$hash:$salt
(with the colon and of length 40:25 instead of 65 == 25+40)
Then you just need to have -m 120 and the hash/hashfile in the command line.
Thankyou, however after a long weekend and past few days this is con fuddling my brain, I can confirm that is the correct code however
Will chip away at it and hopefully make it work, was hoping to get to grips with hashcat whilst sqlmap is running, back to it eh
--update--
Brain fart, cannot make it work, will post the lines of code im using later, tho I hear there is a GUI version hanging about?
Couldn't get the hang of the salt thing so have run the passwords with the first 25 characters missing