08-18-2018, 08:05 PM
Ran into this oddity during a password audit. The "--show" option seems to fail to match when the password contains a colon character. Here's a simple recreation of the issue:
Contents of test.pot:
Contents of test.hash:
If the .pot file is hex-ified everything works as expected:
If a hex-ified .pot is a requirement is there an option to combine --show and outfile-format 2 with dehexify?
-Dave
Contents of test.pot:
Code:
XXX805ca569814dXXX30e7608fb08XXX:John3:16
XXX3d483f363711XXX27ad3e0f7f3XXX:John3#16
Contents of test.hash:
Code:
user1:XXX805ca569814dXXX30e7608fb08XXX
user2:XXX3d483f363711XXX27ad3e0f7f3XXX
Code:
hashcat -m 1000 --username --potfile-path test.pot --show --outfile-format 2 test.hash
user2:John3#16
If the .pot file is hex-ified everything works as expected:
Code:
user2:John3#16
user1:$HEX[4a6f686e333a3136]
If a hex-ified .pot is a requirement is there an option to combine --show and outfile-format 2 with dehexify?
-Dave