I have passwords that are stored by:
- Generating a random, 36-character "string" in the range of CHAR(1) to CHAR(256)
- Appending this to the entered password
- Retrieving the SHA512 hash of the result
So, 'password' could have the string ³{ó‘#«,IýD÷¸Eâ‘Óá appended to it (hex representation: 0x04B37BF39123AB2C49FD44F7B845E291D3E1004DB8B2E460AE6E2438FB27B70AF5E1C709)
And then hashed. This is all done in SQL Server, if it matters, but the point is that the hash is a string that will (frequently) contain junk characters that aren't well represented and I think are messing with hashcat reading the input file in.
I then end up with:
0xF2CCA232766DE6F048F758044451EA1E667FC6587C578AF472C97F3CE3B929B76A7B2842953DCF7B6C63638A58794BC3BCC4DF7CB6783A3E8D18AB2BE056F0ED
as the generated, salted, hashed representation of "password".
I'm struggling to work out how to present this form of salt to hashcat; the examples I can find and have tried to run through hashcat, have worked and if I put a "simple" salt in and generate it, it'll correctly work out the result.
so, my input file looks like:
6AA4C7EC30802E51C2A2B35AA5B082D5CB191411C27B01A2BEE6A799B0D9EC39829489F99C679AA7F056F676429041ED6BCA6C63C657C87F4E4BB68C59AD345B:salted
F2CCA232766DE6F048F758044451EA1E667FC6587C578AF472C97F3CE3B929B76A7B2842953DCF7B6C63638A58794BC3BCC4DF7CB6783A3E8D18AB2BE056F0ED:³{ó‘#«,IýD÷¸Eâ‘Óá
and a dictionary file containing just "password" -- it retrieves #1 but not #2.
Can anyone advise?
