Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: Help me identify this salted hash?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I got it from a MySQL5 database. I am a total novice as this stuff, so I need a bit of help

password: [40 character hash]
salt: [12 characters using letters and symbols like =|%$;]

I'm using cudahashcat and i thought the "MySQL4.1/MySQL5" would be the way to go, but aren't those hashes usually  unsalted?

I also tried to give the hash to onlinehashcrack.com and they were unable to crack it.

I was thinking it would be either: sha1($pass.$salt) sha1($salt.$pass), but I am unsure.

Thanks for the help
You cannot use hashcat "MySQL4.1/MySQL5" mode because your hash is salted.

onlinehashcrack.com do not crack Salted Mysql.

You can try one of :
sha1($pass.$salt)
sha1($salt.$pass)
sha1($salt.$pass.$salt)

But the best try is to know how the hash was built, try to read the webapp source code.
(01-17-2016, 08:32 PM)Mem5 Wrote: [ -> ]But the best try is to know how the hash was built, try to read the webapp source code.

Sorry, can you elaborate a bit on this? How could this tell me what formula was used?
The application builds the hash. If you read the application source code, you will know which algo (mysql, sha1, etc) has been used, and how the salt+hash have been put together ($salt.$pass or $pass.$salt etc)