Please note, this is a STATIC archive of website hashcat.net from October 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: how should i crack this type of hash (sha1 & salt)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
mail                    | crypted_password                                                        |  salt
  
[email protected]:848XXXc9e5baf34d6dba20XXX755f4984b6d77cc:725372XXX5e22195365fbf266cd3aXXX20f1c140

[email protected]:00XXXX759d68827b090c63dcXXX115361fd5dc0c:NULL

its sha1 i think i can't figure out
help Tongue
The only way to know for sure is to have the source code (algorithm, or name and version of the platform, cms etc) that generated the hashes ... or to guess the algorithm by having at least one user for which you are 100% (one HUNDRED percent) sure about the password.

otherwise it's just a lame guessing game that could be impossible to solve (because there could be too many ways how the passwords could be hashed (like sha1 (sha1 ($s . sha1 ($s . $p) . $s) . $p) etc)
i used this website https://hashes.com/decrypt/basic/
e77d773f8aa5c12ef649d33e731fb58c66bee9e5:74e3c24fd83d92ea72383e9b3a4292bdfb8eb174
and
cracked this got
e77d773f8aa5c12ef649d33e731fb58c66bee9e5:37346533633234666438336439326561373233383365396233613432393262646662386562313734:7365637265743838:SHA1DASH

e77d773f8aa5c12ef649d33e731fb58c66bee9e5:74e3c24fd83d92ea72383e9b3a4292bdfb8eb174Confusedecret88

e77d773f8aa5c12ef649d33e731fb58c66bee9e5:74e3c24fd83d92ea72383e9b3a4292bdfb8eb174Confusedecret88:SHA1DASH
SHA-1('--'.$salt.'--'.$pass.'--') it algo
you are NOT allowed to post hashes. read the forum rules. You will get banned by not following the rules.

As far as I understand, you are saying the algorithm is basically:
Code:
echo -n --74e3c24fd83d92ea72383e9b3a4292bdfb8eb174--secret88-- | sha1sum

so you must use -m 120 with a salt of "--74e3c24fd83d92ea72383e9b3a4292bdfb8eb174--" (without quotes):
Code:
hash:salt

where salt is --74e3c24fd83d92ea72383e9b3a4292bdfb8eb174--

furthermore you need to apply the rule: $- $-
i.e. the append rule function is used twice to add both of the dashes

append_two_dashes.txt:
Code:
$- $-

Code:
hashcat -m 120 -r rules/best64.rule -r append_two_dashes.txt hashes_with_dashed_salts.txt rockyou.txt
sorry for hash thanks for the help

hashcat -m 120 -r rules/best64.rule --username -r append_two_dashes.txt hashes_with_dashed_salts.txt rockyou.txt

hashes_with_dashed_salts.txt=
[email protected]:848XXXc9e5baf34d6dba20XXX755f4984b6d77cc:74e3c24fd83d92ea72383e9b3a4292bdfb8exxxx

it's that correct?

and just one more help sorry for Tongue
(and am using gtx 1660 super but its giving me jus 8k-khs speed for md5 i used -w 3 update drivers still)
  
no, the salt must be with the dashes:
[email protected]:848XXXc9e5baf34d6dba20XXX755f4984b6d77cc:--74e3c24fd83d92ea72383e9b3a4292bdfb8exxxx--

if you add users, you need to use --username to skip them.

for salted hashes the hash rate depends a lot on the number of salts.

It also depends on the number of rules and how huge your word list is. Normally, we would suggest to use -O too, but you might already be very close to the maximum length (55) if you combine salt and pass with optimized kernels (-O)... Therefore, it might not be worth the risk of not being able to crack the hashes (just because -O might fail because the combination is "too long").
okay thankyou 
for two dashes have to put it manually or "-r append_two_dashes.txt"
this is okay?
6 dashes total = 2+2 (around salt) + 2 (after pass)

the rules only add 2 dashes, that's why I named the file append_two_dashes.txt
so final this

[email protected]:--passhash:--salt--

or

[email protected]:--salt--:--passhash
.txt file ?
thankyou
Pages: 1 2