
I have this PHP code with me:

$auth = md5($username.$password.$salt);

I have a dummy value:

$username = 'user';
$password = 'password';

And I also have the resulting MD5 hash: b4fbb742bc2a24bc033dbfb4f4582e08

I need to find the salt which has been used. Is this possible in something like John the Ripper or Hashcat, etc.?

Sankalp Singha
  • Seems like you may have a static site-wide salt. This is bad practice. The salt should be a different random value for each user, and an attacker knowing the salt is not a problem; the purpose of the salt is to avoid identical hashes for two users with the same password. – wireghoul Apr 18 '16 at 00:20
  • If the cracking tools do not support partially-known passwords, you can simply feed them with a self-generated word list. – Arminius Apr 18 '16 at 00:30

2 Answers


Generally yes, if you have enough time. If you know how long or in what format the salt is, it would help you. But the method is brute force, as with any other hash reversal:

oclHashcat -m 0 b4fbb742bc2a24bc033dbfb4f4582e08 -a 3 userpassword?1?2?2?2?2?2?2

I didn't test that, but the documentation is certainly a good place to start.

Jakuje

It depends on how much entropy the salt contains. 32 bits? Sure. 128 bits, no chance in hell. Something in between, YMMV.

Of course, the salt used MUST be available somewhere, otherwise you can't compare the password to anything. The salt is (generally) as much of a secret as the hash is, and normally stored in the same place.

Steve Sether
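The entropy point in the last answer, worked through as an added example (not code from the question or either answer): it rebuilds the question's md5(username.password.salt) construction, searches a deliberately tiny salt space, and estimates how the search time scales with salt entropy. The sample salt "qzx", the lowercase alphabet and the rate of 1e10 MD5 hashes per second are assumptions made for this illustration.

```python
import hashlib
import math
from itertools import product


def auth_hash(username: str, password: str, salt: str) -> str:
    """Same construction as the question: md5(username . password . salt)."""
    return hashlib.md5((username + password + salt).encode()).hexdigest()


def salt_bits(alphabet: str, length: int) -> float:
    """Entropy in bits of a salt drawn uniformly from alphabet**length."""
    return length * math.log2(len(alphabet))


def expected_seconds(bits: float, hashes_per_second: float) -> float:
    """Average search time: half the keyspace at the given hash rate."""
    return 2 ** (bits - 1) / hashes_per_second


def recover_salt(username, password, target, alphabet, max_len):
    """Try every salt of length 0..max_len; return the match or None."""
    for n in range(max_len + 1):
        for chars in product(alphabet, repeat=n):
            salt = "".join(chars)
            if auth_hash(username, password, salt) == target:
                return salt
    return None


if __name__ == "__main__":
    # Constructed sample: a 3-letter lowercase salt (about 14 bits),
    # not the hash from the question.
    alphabet = "abcdefghijklmnopqrstuvwxyz"
    target = auth_hash("user", "password", "qzx")
    found = recover_salt("user", "password", target, alphabet, 3)
    print(f"{salt_bits(alphabet, 3):.1f}-bit salt recovered: {found!r}")

    rate = 1e10  # assumed MD5 rate; measure your own hardware
    for bits in (32, 64, 128):
        years = expected_seconds(bits, rate) / (365 * 24 * 3600)
        print(f"{bits:3d}-bit salt: ~{years:.3g} years on average")
```

At the assumed rate a 32-bit salt falls in a fraction of a second while a 128-bit salt is out of reach, which is the gap the answer describes.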