Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: ASP.NET Membership Password Hash
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I am trying to use hashcat with an .NET Membership password hash. 
I have a 40 bytes long hashvalue which is sha1 and encoded in base64. Second I have a 128 bytes long salt which seem to be hex values in upper-case.

So first I convert the base64 pw hash:

echo -n "XGO********************B1nA=" | base64 --decode | xxd -ps

which gives me the 40 bytes sha1 hash:
5c******************************1b01d670

The salt is 

FC7040D218A2FDEADF7BC1C341CD61D1D246BE570BD2E7D312F4C42BDE7DBEA6B34013D1B7700FAAFEAFEED96CAEF52ACAA6D38FF9FB9E392AD62C0048DC08A0

I then prepare a file with the following format:

FC7040D218A2FDEADF7BC1C341CD61D1D246BE570BD2E7D312F4C42BDE7DBEA6B34013D1B7700FAAFEAFEED96CAEF52ACAA6D38FF9FB9E392AD62C0048DC08A0:5c******************************1b01d670


When I run hashcat with the following command

hashcat -m 140 --hex-salt ./sha1 ../wordlists/rockyou.txt

I get an line length exception 

If I pass shorter salts, hashcat excepts the input, so I guess the problem is with the 128byte salt. Maybe the salt is in the wrong format ?

Thanks in advance for any help
(05-16-2016, 01:46 PM)atom Wrote: [ -> ]There's just this: https://hashcat.net/wiki/doku.php?id=fre...alt_length

I understand, salts for generic hash types have a limit of 31. Pity for me. I found a feature request in the forum from 2012: https://hashcat.net/forum/thread-1752.html. Is there any progress on this ?
No, we don't try it. There are better ways to handle large salts, as described on the wiki I linked