Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 11 Nov 2016 11:56:43 +0100
From: Patrick Proniewski <p+password@...atpro.net>
To: john-users@...ts.openwall.com
Subject: reconstruct usable hash from separate hash and salt

Hi,

I've got a dump of Salted SHA1 hashes, but unfortunately the salt is not attached to the hash.
For example:

	hash of salt.password: B4A2E194AF922B03470C8D17B5613DC2DE912727
	salt: 1357926
	password: dwayne

I've tried to recreate a hash that john can understand:

	./hextoraw.pl 31333537393236B4A2E194AF922B03470C8D17B5613DC2DE912727 | base64 -e
	MTM1NzkyNrSi4ZSvkisDRwyNF7VhPcLekScnCg==

where 31333537393236 is hex of salt.

yielding to this password file:

	login:{SSHA}MTM1NzkyNrSi4ZSvkisDRwyNF7VhPcLekScnCg==

Then I've tried to crack it, and failed:

	./john --session=toto /tmp/toto --wordlist=/tmp/dwayne --pot=toto.pot            
	Using default input encoding: UTF-8
	Loaded 1 password hash (Salted-SHA1 [SHA1 128/128 AVX 4x])
	Press 'q' or Ctrl-C to abort, almost any other key for status
	0g 0:00:00:00 DONE (2016-11-11 11:44) 0g/s 21.33p/s 21.33c/s 21.33C/s dwayne
	Session completed

I guess I've failed to reconstruct the SSHA hash, but I don't know how to fix that... Any idea?

patpro

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.