1

I am trying to crack a number of passwords that have been hashed using SHA-256 using some java code.

I have the hashes available and I also have the possibilities in which the password can be. Some of these possibilities include,

possibilities

So for example I have hash

9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08

and I want to get the password using an algorithm (one which I will code in Java) to get the password:

test

Is the only possible way I can do this is to calculate the hashes for all of the possibilities and then compare them with the hashes that I have?

forest
  • 64,616
  • 20
  • 206
  • 257
kquinn
  • 11
  • 2
  • 1
    Yes, some form of "hashing" the plaintext possibilities and comparing is the only want to do this short of massive work looking for collisions. Why are you doing this in Java? Hashcat has everything to do the above already. Is it just for training/learning? – bashCypher Dec 19 '18 at 18:33
  • its an assignment is all thanks for the reply though I kinda figured its the only way I just want to make sure I'm not missing anything – kquinn Dec 19 '18 at 18:44
  • Look up Rainbow Tables... – thepip3r Dec 19 '18 at 19:35
  • that one is "test"; just google them – dandavis Dec 19 '18 at 19:41
  • 1
    Everyone here is telling you you don't need what you're asking for. But what you're asking is precisely why hashcat and mask processing was made. https://hashcat.net/wiki/doku.php?id=mask_attack . For example, you could crack 4 characters with ?a?a?a?a – J.A.K. Dec 19 '18 at 21:46

1 Answers1

-1

What you want is called a rainbow table and it's exactly that; a pre-calculated map of keys and their corresponding hash values. It's also really huge. Being said, if you've got a spare machine with the disk space, or are willing to pare down your example cases, you can generate this data rather easily on the fly with any language's hash function. Just generate your strings, hash them, and store them as a key-value pair or in a simple db.

Steve Gazzo
  • 7
  • 2