Posts: 7
Threads: 0
Joined: Dec 2023
(Jan 07, 2024, 04:53 PM)hackwell Wrote: (Jan 07, 2024, 11:22 AM)haventdiedyet Wrote: (Jan 07, 2024, 10:53 AM)Kli Wrote: (Jan 07, 2024, 10:41 AM)AZUR Wrote: (Jan 07, 2024, 10:28 AM)peRd1 Wrote: The salt is there in its initial form. Just need to use that right as it is. The hash needs to be reconverted to hex, then cracked.
That's exacly what you need to do.
what's the salt,my mind is gonna blow up ,i have been on this challenge for 5houres i thought about kms many times
This is the code I used to crack the password since python do not support SHA like in java it is referred as sha1 in python
import hashlib
import base64
import os
def cryptBytes(hash_type, salt, value):
if not hash_type:
hash_type = "SHA"
if not salt:
salt = base64.urlsafe_b64encode(os.urandom(16)).decode('utf-8')
hash_obj = hashlib.new(hash_type)
hash_obj.update(salt.encode('utf-8'))
hash_obj.update(value)
hashed_bytes = hash_obj.digest()
result = f"${hash_type}${salt}${base64.urlsafe_b64encode(hashed_bytes).decode('utf-8').replace('+', '.')}"
return result
def getCryptedBytes(hash_type, salt, value):
try:
hash_obj = hashlib.new(hash_type)
hash_obj.update(salt.encode('utf-8'))
hash_obj.update(value)
hashed_bytes = hash_obj.digest()
return base64.urlsafe_b64encode(hashed_bytes).decode('utf-8').replace('+', '.')
except hashlib.NoSuchAlgorithmException as e:
raise Exception(f"Error while computing hash of type {hash_type}: {e}")
hash_type = "SHA1"
salt = "d"
search = "$SHA1$d$uP0_QaVBpDWFeo8-dRzDqRwXQ2I="
wordlist = '/usr/share/wordlists/rockyou.txt'
with open(wordlist,'r',encoding='latin-1') as password_list:
for password in password_list:
value = password.strip()
hashed_password = cryptBytes(hash_type, salt, value.encode('utf-8'))
# print(hashed_password)
if hashed_password == search:
print(f'Found Password:{value}, hash:{hashed_password}')
This worked, although I'm confused on how you would do this using cyberchef + hashcat. Any step by step guide?
this is a trick with base64.urlsafe_b64encode(). it replaces / by _ and + by - , thus the b64 is invalid and the hash length is not 40. Hashcat mode is 120.
this one cracks just fine : b8fd3f41a541a435857a8f3e751cc3a91c174362:d
WTF why "b8fd3f41a541a435857a8f3e751cc3a91c174362:d" is 120 instead of 110?
I read as PASS:SALT
hashcat --help
# HASHCAT id
# 110 sha1($pass.$salt)
# 120 sha1($salt.$pass)
Posts: 17
Threads: 0
Joined: Oct 2023
(Jan 10, 2024, 12:03 PM)fucksurveillance Wrote: (Jan 07, 2024, 04:53 PM)hackwell Wrote: (Jan 07, 2024, 11:22 AM)haventdiedyet Wrote: (Jan 07, 2024, 10:53 AM)Kli Wrote: (Jan 07, 2024, 10:41 AM)AZUR Wrote: what's the salt,my mind is gonna blow up ,i have been on this challenge for 5houres i thought about kms many times
This is the code I used to crack the password since python do not support SHA like in java it is referred as sha1 in python
import hashlib
import base64
import os
def cryptBytes(hash_type, salt, value):
if not hash_type:
hash_type = "SHA"
if not salt:
salt = base64.urlsafe_b64encode(os.urandom(16)).decode('utf-8')
hash_obj = hashlib.new(hash_type)
hash_obj.update(salt.encode('utf-8'))
hash_obj.update(value)
hashed_bytes = hash_obj.digest()
result = f"${hash_type}${salt}${base64.urlsafe_b64encode(hashed_bytes).decode('utf-8').replace('+', '.')}"
return result
def getCryptedBytes(hash_type, salt, value):
try:
hash_obj = hashlib.new(hash_type)
hash_obj.update(salt.encode('utf-8'))
hash_obj.update(value)
hashed_bytes = hash_obj.digest()
return base64.urlsafe_b64encode(hashed_bytes).decode('utf-8').replace('+', '.')
except hashlib.NoSuchAlgorithmException as e:
raise Exception(f"Error while computing hash of type {hash_type}: {e}")
hash_type = "SHA1"
salt = "d"
search = "$SHA1$d$uP0_QaVBpDWFeo8-dRzDqRwXQ2I="
wordlist = '/usr/share/wordlists/rockyou.txt'
with open(wordlist,'r',encoding='latin-1') as password_list:
for password in password_list:
value = password.strip()
hashed_password = cryptBytes(hash_type, salt, value.encode('utf-8'))
# print(hashed_password)
if hashed_password == search:
print(f'Found Password:{value}, hash:{hashed_password}')
This worked, although I'm confused on how you would do this using cyberchef + hashcat. Any step by step guide?
this is a trick with base64.urlsafe_b64encode(). it replaces / by _ and + by - , thus the b64 is invalid and the hash length is not 40. Hashcat mode is 120.
this one cracks just fine : b8fd3f41a541a435857a8f3e751cc3a91c174362:d
WTF why "b8fd3f41a541a435857a8f3e751cc3a91c174362:d" is 120 instead of 110?
I read as PASS:SALT
hashcat --help
# HASHCAT id
# 110 sha1($pass.$salt)
# 120 sha1($salt.$pass)
yep there might be an error in hashcat examples I guess
Posts: 7
Threads: 1
Joined: Oct 2023
(Jan 07, 2024, 10:53 AM)Kli Wrote: (Jan 07, 2024, 10:41 AM)AZUR Wrote: (Jan 07, 2024, 10:28 AM)peRd1 Wrote: (Jan 07, 2024, 10:25 AM)R3DEY3 Wrote: Still slightly confused about decrypting the hash, specifically the hashcat command I have the full hash, converted it to hex and trying to figure out the salt etc. Am I missing something or am I just stupid? The salt is there in its initial form. Just need to use that right as it is. The hash needs to be reconverted to hex, then cracked.
AZUR Wrote:that I can't crack I only understood that i needed to go on cyberchef and (from base64 then + in hex) That's exacly what you need to do.
what's the salt,my mind is gonna blow up ,i have been on this challenge for 5houres i thought about kms many times
This is the code I used to crack the password since python do not support SHA like in java it is referred as sha1 in python
import hashlib
import base64
import os
def cryptBytes(hash_type, salt, value):
if not hash_type:
hash_type = "SHA"
if not salt:
salt = base64.urlsafe_b64encode(os.urandom(16)).decode('utf-8')
hash_obj = hashlib.new(hash_type)
hash_obj.update(salt.encode('utf-8'))
hash_obj.update(value)
hashed_bytes = hash_obj.digest()
result = f"${hash_type}${salt}${base64.urlsafe_b64encode(hashed_bytes).decode('utf-8').replace('+', '.')}"
return result
def getCryptedBytes(hash_type, salt, value):
try:
hash_obj = hashlib.new(hash_type)
hash_obj.update(salt.encode('utf-8'))
hash_obj.update(value)
hashed_bytes = hash_obj.digest()
return base64.urlsafe_b64encode(hashed_bytes).decode('utf-8').replace('+', '.')
except hashlib.NoSuchAlgorithmException as e:
raise Exception(f"Error while computing hash of type {hash_type}: {e}")
hash_type = "SHA1"
salt = "d"
search = "$SHA1$d$uP0_QaVBpDWFeo8-dRzDqRwXQ2I="
wordlist = '/usr/share/wordlists/rockyou.txt'
with open(wordlist,'r',encoding='latin-1') as password_list:
for password in password_list:
value = password.strip()
hashed_password = cryptBytes(hash_type, salt, value.encode('utf-8'))
# print(hashed_password)
if hashed_password == search:
print(f'Found Password:{value}, hash:{hashed_password}')
Bro, I just used the following script and it returned what I needed... in case someone else needs it.
import base64
base64_str = "uP0/QaVBpDWFeo8+dRzDqRwXQ2I"
base64_str_padded = base64_str + '=' * (4 - len(base64_str) % 4)
decoded_bytes = base64.b64decode(base64_str_padded)
# Imprime la representación hexadecimal de los bytes decodificados
# Print the hexadecimal representation of the decoded bytes
print(decoded_bytes.hex())
Posts: 9
Threads: 0
Joined: Jan 2024
Jan 16, 2024, 03:48 PM
(This post was last modified: Jan 16, 2024, 03:50 PM by Nigga56.)
https://gchq.github.io/CyberChef/#recipe...RxUndYUTJJ
hashcat -m 120 -a0 'b8fd3f41a541a435857a8f3e751cc3a91c174362:d' /usr/share/wordlists/rockyou.txt
you can use the cyberchef to change the hash password part into crackable hash then hit with hashcat
|
