Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 22 May 2019 09:34:30 +1000
From: Jason Thomas <jason.e.thomas@...il.com>
To: john-users@...ts.openwall.com
Subject: SSHA256 (32bit hash, 32bit salt)

Hi,

Can someone help me work out how to handle this format in JTR.

I tried dynamic_62 and it did not find any hashes.

Example hash below:
userid:password_hash
9430645:{SSHA256}qtLYMs6YUpOlgtjBFTlDpLZ/V0Or6nHhfEgx5h9W6JfnBP0YqBMlMN2dmp7ARN3GNDmhe2l7nNOxnSvlQN3R8w==

Password is Abcd1234!

I think the issue is the salt is 32bit.

Here's some Perl that I can use to test a single password:
$password_line =
'{SSHA256}qtLYMs6YUpOlgtjBFTlDpLZ/V0Or6nHhfEgx5h9W6JfnBP0YqBMlMN2dmp7ARN3GNDmhe2l7nNOxnSvlQN3R8w==';
$pass_test = 'Abcd1234!';
($hashed_pw, $salt) = unpack("a32 a*", decode_base64($password_line));
$hashed_test = sha256($pass_to_test . $salt);
if ($hashed_pw eq $hashed_test)  {
   print "Password Correct\n";
}

Any help appreciated.

Thanks.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.