Cracking a truncated hash of type sha256(salt+pw+salt)

Question

I'm trying to crack a password, whose hash was formed by first concatenating a known salt, the password and and another known salt, then applying sha256 and then truncating that to 32 characters. So:

truncate(sha256(salt1 + pw + salt2)

How can I use JTR for example to help solve this?

Answer 1

The way I solved this is by editing an already present dynamic config in john the ripper jumbo. I opened dynamic.conf and edited dynamic_1029 to look like this:

[List.Generic:dynamic_1029]
Expression=sha256($p.$s) (hash truncated to length 32)
Flag=MGF_FLAT_BUFFERS
Flag=MGF_SALTED
SaltLen=16
MaxInputLen=110
MaxInputLenX86=110
Func=DynamicFunc__clean_input
Func=DynamicFunc__append_keys
Func=DynamicFunc__append_salt
Func=DynamicFunc__SHA256_crypt_input1_to_output1_FINAL
Test=$dynamic_1029$698e7b93568798660235091abcb7883e$8ec3937e0c5068eb:Salver

So now it includes a salt and truncates the hash. Then the constant salt was achieved using the --mask command line parameter as well as the new format as such:

john --mask='[constant salt]?w' --format=dynamic_1029 hashlist.txt

The hash files must now be formatted like this:

username:hash$salt

Answer 2

I'm not aware of an attack tool that will currently do this without at least some external processing (which means reduced speed):

• hashcat supports the format (-m 22300), but doesn't check for truncation
• JtR appears to support the format (with a dynamic mode), but doesn't check for truncation
• MDXfind checks for truncation, but doesn't support the format

Since prepending and appending salts is basically just text manipulation, one option would be to use a script, or john or hashcat's --stdout option, to generate candidates, and then pipe them to MDXfind.