2

Given a SHA256 hash, and a salt, I am trying to crack the hash using hashcat. Every example I've found used a hashfile as input, is there way to provide salt and hash via commandline without the need to create a hashfile?

Here is an example what I am trying to crack:

Hash: 6ce9a7c73ebf0c04db026fda907210e7367f6d72225f78399a4a3fc9bfd0cce9
Salt: a3424259-9534-486a-bfe9-6a2b39aa70e5
schroeder
  • 123,438
  • 55
  • 284
  • 319
n00b.exe
  • 141
  • 1
  • 2
  • 4
  • 3
    Have you read the manual? https://hashcat.net/wiki/doku.php?id=hashcat – schroeder Mar 07 '19 at 20:52
  • @schroeder I didn't find what I was looking for otherwise I wouldnt have asked the question. I know that I can specify the mode with -m but how would I provide the username, salt and the hash in the commandline? – n00b.exe Mar 07 '19 at 21:01
  • 1
    We can't know what you have already checked. The use of the term "shadowfile" suggests you only checked out specific tutorials and not the manual. Why do you want to specify the username? – schroeder Mar 07 '19 at 21:03

2 Answers2

3

According to hashcat's wiki, you can paste the hash directly into the command line:

Usage: hashcat [options]... *hash*|hashfile|hccapxfile [dictionary|mask|directory]...

You can also use hash mode 1710 as in: 1710 | sha512($pass.$salt)| Raw Hash, Salted and/or Iterated

Putting it all together, it would be hashcat -m 1410 -a 0 hash:salt --username test_user /usr/share/wordlists/rockyou.txt where the hash contains the password and salt (in that order).

If the hash is salt/pass instead of pass/salt, use 1420 instead.

SomeGuy
  • 730
  • 3
  • 18
  • when you see delimiters such as `/` or `.` in a hash string, that's the delimiter for the salt and hash. – SomeGuy Mar 07 '19 at 21:17
  • I obtained the hash & salt from a database dump (from a system that was specifically designed to be attacked) and there were columns for the hash and the salt. So yes, I guess this is the salt for that hash value? – n00b.exe Mar 07 '19 at 21:28
  • Try `hashcat -m 1710 -a 0 6ce9a7c73ebf0c04db026fda907210e7367f6d72225f78399a4a3fc9bfd0cce9.a3424259-9534-486a-bfe9-6a2b39aa70e5 /usr/share/wordlists/rockyou.txt` – SomeGuy Mar 07 '19 at 21:40
  • @SomeGuy it says seperator unmatched no hashes loaded for me – n00b.exe Mar 07 '19 at 22:04
  • 1
    @n00b.exe - The default hash/salt separator is the colon, for historical `/etc/shadow` file format reasons, but also because a colon rarely appears in most hash formats. So `hash:salt` should work. If you want to use another separator, you can specify it with `-p` or `--separator`. – Royce Williams Mar 07 '19 at 22:06
  • @RoyceWilliams Thanks for the reply. Now I am getting Token Length Exception. I assume it doesn't udnerstand the salt format maybe? I am not sure. – n00b.exe Mar 07 '19 at 22:22
0

To run hashcat on a common VPS without GPU (For example AWS)

docker run --rm -it dizcza/docker-hashcat:intel-cpu \
hashcat -a 3 -m 1710 -w 4 --status --status-timer 10 \
6ce9a7c73ebf0c04db026fda907210e7367f6d72225f78399a4a3fc9bfd0cce9:a3424259-9534-486a-bfe9-6a2b39aa70e5 \
"[[[Your dictionary file or hcmask pattern here]]]"

brief explanation: -a 3 attack mode: bruteforce. -m 1710 for algorithm sha512($pass.$salt). -w 4 use all computational resources and highest priority (may freeze your desktop). hash and salt is specified with <hash>:<salt> pattern.

hcmask format is described in mask_attack [hashcat wiki] . For example, if you want to bruteforce a common 8-digits passwords from 00000000 to 99999999, the corresponding hcmask is ?d?d?d?d?d?d?d?d, which could be used directly as the last parameter of command line above.

If you have a workstation with NVIDIA GPUs, replace the following parts in the command line above:

  • replace docker with nvidia-docker
  • replace dizcza/docker-hashcat:intel-cpu with dizcza/docker-hashcat:latest

You may refer to docker-hashcat Dockerhub for versions for specific hardwares.

ttimasdf
  • 111
  • 3