02-03-2019, 04:18 AM
I'm a complete newbie and I'm trying to crack hashes created with this python script:
Inputting "foobar" into this script gives this string:
2213dcd3820c18c559cc389c8bd22e6b3b0b3f410f01ecf1aac95faf1716e169efee941dfcde93b0d550998db85b9773ca0a2e7f2ef59e9a4b1f1b630e7797437bfd7846cfef6e50d440c8e1e633bd4cc8a5381292e9221a1dd40fe77cc4b04b
Trying to crack it I wrote this python script to put hashes like this into the right format for hashcat:
which turns the hash for foobar into:
sha512:100000:IhPc04IMGMVZzDici9IuazsLP0EPAezxqslfrxcW4Wk=:7+6UHfzek7DVUJmNuFuXc8oKLn8u9Z6aSx8bYw53l0N7/XhGz+9uUNRAyOHmM71MyKU4EpLpIhod1A/nfMSwSw==
I then created a textfile foo.txt which just reads "foobar" .
Unfortunately running:
$hashcat -m 12100 -a 0 -o cracked.txt passwords2.hash foo.txt
does not recover the example hash. What am I doing wrong?
Code:
import hashlib
import binascii
password = input('Give a password to hash: ')
salt = b"2213dcd3820c18c559cc389c8bd22e6b3b0b3f410f01ecf1aac95faf1716e169"
pwdhash = hashlib.pbkdf2_hmac('sha512', password('utf-8'),
salt, 100000)
pwdhash = binascii.hexlify(pwdhash)
print((salt + pwdhash).decode('ascii'))
Inputting "foobar" into this script gives this string:
2213dcd3820c18c559cc389c8bd22e6b3b0b3f410f01ecf1aac95faf1716e169efee941dfcde93b0d550998db85b9773ca0a2e7f2ef59e9a4b1f1b630e7797437bfd7846cfef6e50d440c8e1e633bd4cc8a5381292e9221a1dd40fe77cc4b04b
Trying to crack it I wrote this python script to put hashes like this into the right format for hashcat:
Code:
import base64
with open("passwords.hash") as f:
content = f.readlines()
content = [x.strip() for x in content]
f = open("passwords2.hashes", "a")
for hashes in content:
beginning = "sha512:100000:"
salt = hashes[:64].decode("hex").encode("base64")+":"
password = hashes[64:].decode("hex").encode("base64")
hashCatFormat = (beginning+salt+password).replace("\n","")
f.write(hashCatFormat+"\n")
which turns the hash for foobar into:
sha512:100000:IhPc04IMGMVZzDici9IuazsLP0EPAezxqslfrxcW4Wk=:7+6UHfzek7DVUJmNuFuXc8oKLn8u9Z6aSx8bYw53l0N7/XhGz+9uUNRAyOHmM71MyKU4EpLpIhod1A/nfMSwSw==
I then created a textfile foo.txt which just reads "foobar" .
Unfortunately running:
$hashcat -m 12100 -a 0 -o cracked.txt passwords2.hash foo.txt
does not recover the example hash. What am I doing wrong?