Hashcat
2017-12-31 13:15:51
Documentation
What is hashcat? It is a great tool, an advanced password recovery tool :). Everything you need can be found at https://hashcat.net/hashcat/
Short story
During penetration testing I was able to find the user name admin and the password hash 41f26dc8435d1f633b1a3c4a30a0d882f645d5a6 with the salt szalek. It was quite easy to figure out that the system was created based on Open Source Software. I was able to find a piece of code that generates the password.
$pass = "???????";
$hash = "szalek";
$pass .= $hash;
$pass = sha1($pass);
Now we have everything except the plaintext password: we have all the pieces of the puzzle, and we have hashcat.
What do we have to do?
That part is quite easy. First, you need a list of passwords. Under these links you will find dumps from various leaks: link 1 and link 2
Hashcat time
First, create a file hash_to_crack.txt with one line, 41f26dc8435d1f633b1a3c4a30a0d882f645d5a6:szalek. As you can see, the hash and the salt are separated by a colon. When you are ready, execute the command below. (-m 110 means SHA-1 in the sha1($pass.$salt) form; more about hash mode)
hashcat -a 0 -m 110 hash_to_crack.txt /usr/share/wordlists/rockyou.txt
In this case it will take a second to recover the password.
...
Dictionary cache built:
* Filename..: rockyou.txt
* Passwords.: 14344391
* Bytes.....: 139921497
* Keyspace..: 14343296
* Runtime...: 1 sec
41f26dc8435d1f633b1a3c4a30a0d882f645d5a6:szalek:123456
Session..........: hashcat
Status...........: Cracked
Hash.Type........: sha1($pass.$salt)
Hash.Target......: 41f26dc8435d1f633b1a3c4a30a0d882f645d5a6:szalek
Time.Started.....: Sat Dec 30 23:45:31 2017 (0 secs)
Time.Estimated...: Sat Dec 30 23:45:31 2017 (0 secs)
Guess.Base.......: File (rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 6501.6 kH/s (1.05ms)
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 8192/14343296 (0.06%)
Rejected.........: 0/8192 (0.00%)
Restore.Point....: 0/14343296 (0.00%)
Candidates.#1....: 123456 -> total90
HWMon.Dev.#1.....: N/A
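
The fix to recommend for a finding like this is to replace the fast sha1($pass.$salt) construction with a slow password hash and to migrate existing records when users log in. The sketch below is an added example, not code from the audited application; the record layout and function names are hypothetical, and it relies on PHP's built-in password_hash API.

```php
<?php
// Added example: hypothetical record layout and function names.

// Legacy scheme shown on the page: sha1($pass . $salt).
// hash_equals() compares in constant time.
function legacy_verify(string $pass, string $salt, string $sha1Hex): bool
{
    return hash_equals($sha1Hex, sha1($pass . $salt));
}

// Check a login and upgrade a legacy record in place.
// $user = ['scheme' => 'sha1_salt' or 'php', 'hash' => ..., 'salt' => ...]
function verify_and_upgrade(array &$user, string $pass): bool
{
    if ($user['scheme'] === 'sha1_salt') {
        if (!legacy_verify($pass, $user['salt'], $user['hash'])) {
            return false;
        }
        // The correct plaintext is available only at this moment:
        // re-hash it with a slow algorithm that embeds its own random
        // salt, then drop the old salt so the SHA-1 value cannot be reused.
        $user['hash'] = password_hash($pass, PASSWORD_DEFAULT);
        $user['scheme'] = 'php';
        unset($user['salt']);
        return true;
    }

    if (!password_verify($pass, $user['hash'])) {
        return false;
    }
    // Pick up a stronger default algorithm or cost after a PHP upgrade.
    if (password_needs_rehash($user['hash'], PASSWORD_DEFAULT)) {
        $user['hash'] = password_hash($pass, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample record: the password and salt are made up for this demo.
$user = [
    'scheme' => 'sha1_salt',
    'salt'   => 'demo-salt',
    'hash'   => sha1('correct horse' . 'demo-salt'),
];

var_dump(verify_and_upgrade($user, 'wrong guess'));   // failed login
var_dump(verify_and_upgrade($user, 'correct horse')); // legacy login, upgrades
var_dump($user['scheme'], isset($user['salt']));      // record after upgrade
var_dump(verify_and_upgrade($user, 'correct horse')); // login on new scheme
```

Accounts that never log in again keep their SHA-1 hash, so a migration like this is usually paired with a forced reset for records still on the legacy scheme after a cutoff date.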