Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: modx modPBKDF2 hashes
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Need help about modPBKDF2 hashes brute.

Got some hashes from modx database.
Columns look like:
password is '+7WYTHGVutZhmE9KYjb93Rvtd/XIy0aM+I8t42EyVDc='
salt is 'a9a3cd2a52f4ead8bff477941ceb62f5'
Clear password is 123123.

Algo is presented here https://fossies.org/dox/modx-2.4.3-pl/mo...ource.html
Looks like it`s pbkdf2_sha256 (module Django (PBDKF2-SHA256) for oclHashcat?), but I cannot brute it with this module.
Hash input set as pbkdf2_sha256$1000$a9a3cd2a52f4ead8bff477941ceb62f5$+7WYTHGVutZhmE9KYjb93Rvtd/XIy0aM+I8t42EyVDc=. just as I use it with HashManager.
Mistake in oclHashcat is "Line-length exception". I think, I need to use another input format for hash, am I right?
Looks like a direct implementation of Taylor Hornsby's PHP PBKDF2 function, which should be compatible with -m 10900, but doesn't look like it is. I modified the input format to match 10900, but it's not finding the plaintext. Will need to dig into the code to see where the minor differences are.
The salt must also be specified as base64 encoded string, like this:
Code:
./oclHashcat -m 10900 -a 3 --quiet 'sha256:1000:YTlhM2NkMmE1MmY0ZWFkOGJmZjQ3Nzk0MWNlYjYyZjU=:+7WYTHGVutZhmE9KYjb93Rvtd/XIy0aM+I8t42E
yVDc=' 123123
sha256:1000:YTlhM2NkMmE1MmY0ZWFkOGJmZjQ3Nzk0MWNlYjYyZjU=:+7WYTHGVutZhmE9KYjb93Rvtd/XIy0aM+I8t42EyVDc=:123123

so if a9a3cd2a52f4ead8bff477941ceb62f5 is the "raw salt", then base64 ("a9a3cd2a52f4ead8bff477941ceb62f5") = YTlhM2NkMmE1MmY0ZWFkOGJmZjQ3Nzk0MWNlYjYyZjU= must be specified as salt
Argh I thought I tried that, but I didn't get the padding character in copy/paste so I only tried "sha256:1000:YTlhM2NkMmE1MmY0ZWFkOGJmZjQ3Nzk0MWNlYjYyZjUK:+7WYTHGVutZhmE9KYjb93Rvtd/XIy0aM+I8t42EyVDc=". Oops!
It works, thanks!