1

I'm trying to learn more about hashes and cryptography and doing my own pentesting, but I seem to be stuck on this problem.

The hash function being used is SHA1.

If I'm trying to determine a password and I know that the last X characters of the password are: endofpassword#.

And I know that the beginning of the hash is: e921a7cde9e64d612b, but not the rest of the characters for the hash, is it possible still to determine the password and what tool would you use for this?

I believe Hashcat would not be suited for this sort of attack but I may be wrong.

techraf
  • 9,141
  • 11
  • 44
  • 62
ark
  • 111
  • 4
  • See also [Does truncating the cryptographic hash make it impossible to crack?](https://security.stackexchange.com/questions/18385/does-truncating-the-cryptographic-hash-make-it-impossible-to-crack) – Sjoerd Jun 23 '16 at 17:14
  • I saw that link but he's asking something a little bit different. I still need to generate possible valid passwords and something that will produce the same beginning hash. Not something that will only produce the same beginning hash. – ark Jun 23 '16 at 17:17
  • When you say `randombytes#`, do you mean that textually, or is it really random, or a specific set of numbers? – Julie Pelletier Jun 23 '16 at 17:26
  • Sorry I should have been clearer. I mean textually as in it is the literal characters randombytes# – ark Jun 23 '16 at 17:27
  • I think the part of the question asking for what tools to use is off topic, since its a request for product recommendations. The rest of the question sounds on topic, though. – Anders Jun 23 '16 at 17:35
  • 1
    I can't post a comment, however the hash you are looking for is actually `e921a7cde9e64d612b0d1ad9d9935e3b102a9302` or just `randombytes#`. (: –  Jun 23 '16 at 21:40
  • @vikramraja1995 whats the significance that sha1 of randombytes# leads to that hash – ark Jun 23 '16 at 23:48
  • @ark Why was `randombytes#` changed to `endofpassword#`? I agree with @vikramraja1995 - you have provided the full password (`SHA1(randombytes#)=e921a7cde9e64d612b....`) – Jedi Jun 24 '16 at 00:59
  • Previous commenter found it confusing. Trying randombytes# does not work as the password though.... – ark Jun 24 '16 at 01:00
  • @Jedi precisely – ark Jun 24 '16 at 01:13

2 Answers2

1

Considering that I am reading your question correctly you know the first section of an SHA1 hash and then the characters in plain text after the hash.

To successfully pull off this attack you would need to write a script that guesses passwords as Password1! + randombytes# and hashing the full combo with SHA1 and then checking to ensure the beginning of the hash of the guessed password equals e921a7cde9e64d612b and adding it to a list of potential passwords.

You mentioned using hashcat however due to the nature of your attack method as mentioned above it would be easier to write a simple script in a language of your choice to pull off your attack.

In short the attack is possible but would be more difficult since you do not have the full hash.

techraf
  • 9,141
  • 11
  • 44
  • 62
1

Knowing part of the password gives you a good start at building a list of possible passwords, but that could be a massive list depending on the max length and charset. Say it's a max of 50 chars and you have 14, that leaves 36 chars worth of entropy in the unknown range.

By knowing part of the hash you can invalidate a lot of those, but without the whole hash you need to search the whole unknown range looking for matches to your part of a hash. The time this takes is considerable, even with GPU help (a tool like oclHashCat) you are talking about decades of work since the part of the hash you know doesn't speed it up; you need to run the hash and then compare it to your fragment. You can't stop as soon as you find one that matches, either, because you have no way of knowing that its the only match and therefore must exhaust the entire space.

If you do exhaust the space with only one match, you have found the password. If you have multiple results you have not found the password. I think the answer to "is it possible still to determine the password" is a solid "maybe" since you will only know if there is 1 possible password until after you check.

Jeff Meden
  • 3,966
  • 13
  • 16