Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: peoplesoft hash help
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I've read through this forum and haven't found this answer, so hopefully I've missed something.

I see hash type 133 (Peoplesoft).  From my understanding on reading the support ticket when it was implemented it assumes no salt.

The hash I'm dealing with is as follows:
sha1 ( salt  + convert_to_utf-16le(password) ) )

The salt has characters outside of ascii range.  For example, hex bytes 01, 02, 03, etc.  I can calculate the salt for each hash. For the example I have the salt is 226 hex characters or 113 bytes.

Any suggestions on what to try?  


Any help is appreciated.
Can I do something like this:

-m 100 -a 3 hashes.txt --hex-charset [lots of hex characters]?d00?d00?d00?d00

Essentially, I am only going against 1 hash so I can hardcode [lots of hex characters] as the salt I know. However, this crashes when I attempt it. My thinking is I can manually convert the password to utf16le with the hex 00. I'm unsure if the ?d will be converted correctly to hex when the substitution is done though.
Is there some type of limit on mask length? After playing around with it seems it crashes with mask length > 128 characters. Is the internal mask buffer 128?
I tried something crazy and did the following, which didn't work:

./mp64.bin --hex-charset [lots of hex characters]?d00?d00?d00?d00 > /tmp/myfifo

hashcat -m 100 ../hashes.txt /tmp/myfifo

As before I hardcoded lots of hex characters as the known salt and manually created the utf16 password using the mask. I verified the strings made it to the fifo pipe in the correct format. However, this didn't work. I did some contrived examples and it seems like any hex string over 110 characters (55 bytes) resulted in this setup not working. No idea.