quickquestionthanks
Active member
Hey guys, i dont need a hash cracked, but i would really appreciate if someone could tell me what type of settings/formatting i should use to begin hitting these with hashcat.
25$ REWARD IN BITCOIN FOR AN ANSWER
So i already know a decent amount about it but theres one issue I'm having which i will bring up shortly.
So i'm trying to crack a mediawiki password that seems to follow the exact format defined here: https://www.mediawiki.org/wiki/Manual:User_table#user_password
[quote from link above]
"The string ":pbkdf2:".
The hashing algorithm used inside the pbkdf2 layer, by default "sha512".
The colon character (":").
The cost for this algorithm, by default "30000".
The colon character (":").
The length of the derived key; "64" by default.
The colon character (":").
Base64 encoded "salt" of the hashing algorithm, e.g. "kkdejKlBYFV7+LP2m2thYA=="
The colon character (":").
And finally the base64 encoded result of the hashing algorithm (that had a (default) length of 128 byte before base64 encoding). The hash of the plain text user password."
Here is an example of a hash i would like to crack
:pbkdf2:sha512:30000:64:pTZbnTciQe0ZgnSp3pkIWg==:xPFTrQagJw1kfDv1k0jBiTUTPFKxuvpyLQj0qA6I3UT++z5wnZeOGuitkvCtdVrvrXCQbOeHMKOZj3P0zrYlcA==
There's two issues i'm having.
1. It says that the salt ans hash are base64 encoded, but doesnt base64 not include + and / and stuff? i cant get any meaningful base64 decode from one of these. Does anyone have any insight on this? i've seen similar hashes being posted and cracked on here but without details regarding how.
2. What is the format to put into hashcat/what hash type is it? Because i know sometimes you need to change seperators into $ (e.g. :pbkdf2:sha512:30000:[...] becomes $pbkdf2$sha512$30000$[...])
I hope this post makes sense. Here are some additional hashes in case anyone wants a bigger dataset to test on but i dont need them cracked, i have an 12 x 1070 setup. if this is the wrong section I'm sincerely sorry and i will post in the right section and delete my post.
:pbkdf2:sha512:30000:64:9e9Z1U5/pTf4N6ROxlfozA==:rIicKd08KVoP+SGixqWCdHQV0/ZCBeBEzIEQqDoCgQjLg+DUzJrJuhRyQJmYILkmpZ6UwGbd6RwezFncZFqx0g==
:pbkdf2:sha512:30000:64:7zB8/31ZssqpXMN0bNbUmw==:xLOWo9Hurd1RmXFSvUiFpzXuvHSb9rLQUNJjeBIysvLl1Ek5Pl6MVq9Z0NsIpmYuisawFc2yEThFm92j111/+g==
:pbkdf2:sha512:30000:64:t+eZfNd1AA8ylFSsq9UWkw==:lyWLL/UP81sVghkSz8lY7fJSgRgb8QEcAw6w9fU5OGNfn3zSsxRWCcgrZ0QCnNcA5qr81AXYhrQfQwVWhgERTQ==
:pbkdf2:sha512:30000:64:1lG7/L9CEI6YAlggOo3RNw==:oJ2Wq073+R8SulmpncQDmyNCMyUE8YT0v6vM07780tw0vn7A/6b+VTF9cz9DPcNQ+zw9Uhez7J+Atn8ehy+TrQ==
:pbkdf2:sha512:30000:64:de16p4iX6YXtwRzlum1nvQ==:evTVQ3E97XgsF8DNt7Z+XSpnyt/1P3c8Kp98IVZmsFNfsAEUnI2233QIo/NBgDdVghNsnKjMCdPNB1vCwzsJ/w==
:pbkdf2:sha512:30000:64:bZi2FTrLhAW7So2kuf3FCQ==:mCWwWtXIqaGb+1aKxJ9u5QnS0bA/R4w8P6bhbgFM2+6DKLWYex9/H4t5wr0KReg/G2gFkypRko54tDeYRKuJ5Q==
:pbkdf2:sha512:30000:64:yRQwihex0HO62ctGFQBPJA==:GbJEZYWlcPEnh5HYCv/r5gBApksbDAF0dsDc6cO5xG4h7SOEtMdUUKUYfxpemZiR30yafJrE52+hXW/Pg2IRDQ==
:pbkdf2:sha512:30000:64:+FxrSSeEtWpccAkyjVGOBg==:+ZxlHz2B2s6jkKZmSUtdJUkkGLO23YS9B6ocPBJYgi4aIa3J3nalR6maQxyR7pHG7tB1q3VUNu/meNRVuYoxnA==
:pbkdf2:sha512:30000:64:sVuXGx8lAtmKZcD6zelf5w==:nNJ7a2gLLvugzSiaTtabpAnXWzE4MMIFXIvbJYXFBx8csSaDoiesY1tDw3GMnDQ7mAGDwuZcz7doaE7ud9Pzlg==
Putting sVuXGx8lAtmKZcD6zelf5w== into a base64 decoder gives me a bunch of crazy characters which makes me believe I'm not doing this correctly. e.g. ^^ becomes ±[%ÙeÀúÍé_ç when run through base64decode.org with utf-8 option (which I'm pretty sure it is utf-8)
So yeah all i need to know is how to get crackin on these hashes, even if its simply just changing a couple characters to make it fit hashcat. You dont even have to answer any of my questions if you can just provide a hashtype for hashcat and a correctly formatted hash. Please post or pm me your btc/bch/eth address and i will provide you with the reward.
Thanks and godspeed
25$ REWARD IN BITCOIN FOR AN ANSWER
So i already know a decent amount about it but theres one issue I'm having which i will bring up shortly.
So i'm trying to crack a mediawiki password that seems to follow the exact format defined here: https://www.mediawiki.org/wiki/Manual:User_table#user_password
[quote from link above]
"The string ":pbkdf2:".
The hashing algorithm used inside the pbkdf2 layer, by default "sha512".
The colon character (":").
The cost for this algorithm, by default "30000".
The colon character (":").
The length of the derived key; "64" by default.
The colon character (":").
Base64 encoded "salt" of the hashing algorithm, e.g. "kkdejKlBYFV7+LP2m2thYA=="
The colon character (":").
And finally the base64 encoded result of the hashing algorithm (that had a (default) length of 128 byte before base64 encoding). The hash of the plain text user password."
Here is an example of a hash i would like to crack
:pbkdf2:sha512:30000:64:pTZbnTciQe0ZgnSp3pkIWg==:xPFTrQagJw1kfDv1k0jBiTUTPFKxuvpyLQj0qA6I3UT++z5wnZeOGuitkvCtdVrvrXCQbOeHMKOZj3P0zrYlcA==
There's two issues i'm having.
1. It says that the salt ans hash are base64 encoded, but doesnt base64 not include + and / and stuff? i cant get any meaningful base64 decode from one of these. Does anyone have any insight on this? i've seen similar hashes being posted and cracked on here but without details regarding how.
2. What is the format to put into hashcat/what hash type is it? Because i know sometimes you need to change seperators into $ (e.g. :pbkdf2:sha512:30000:[...] becomes $pbkdf2$sha512$30000$[...])
I hope this post makes sense. Here are some additional hashes in case anyone wants a bigger dataset to test on but i dont need them cracked, i have an 12 x 1070 setup. if this is the wrong section I'm sincerely sorry and i will post in the right section and delete my post.
:pbkdf2:sha512:30000:64:9e9Z1U5/pTf4N6ROxlfozA==:rIicKd08KVoP+SGixqWCdHQV0/ZCBeBEzIEQqDoCgQjLg+DUzJrJuhRyQJmYILkmpZ6UwGbd6RwezFncZFqx0g==
:pbkdf2:sha512:30000:64:7zB8/31ZssqpXMN0bNbUmw==:xLOWo9Hurd1RmXFSvUiFpzXuvHSb9rLQUNJjeBIysvLl1Ek5Pl6MVq9Z0NsIpmYuisawFc2yEThFm92j111/+g==
:pbkdf2:sha512:30000:64:t+eZfNd1AA8ylFSsq9UWkw==:lyWLL/UP81sVghkSz8lY7fJSgRgb8QEcAw6w9fU5OGNfn3zSsxRWCcgrZ0QCnNcA5qr81AXYhrQfQwVWhgERTQ==
:pbkdf2:sha512:30000:64:1lG7/L9CEI6YAlggOo3RNw==:oJ2Wq073+R8SulmpncQDmyNCMyUE8YT0v6vM07780tw0vn7A/6b+VTF9cz9DPcNQ+zw9Uhez7J+Atn8ehy+TrQ==
:pbkdf2:sha512:30000:64:de16p4iX6YXtwRzlum1nvQ==:evTVQ3E97XgsF8DNt7Z+XSpnyt/1P3c8Kp98IVZmsFNfsAEUnI2233QIo/NBgDdVghNsnKjMCdPNB1vCwzsJ/w==
:pbkdf2:sha512:30000:64:bZi2FTrLhAW7So2kuf3FCQ==:mCWwWtXIqaGb+1aKxJ9u5QnS0bA/R4w8P6bhbgFM2+6DKLWYex9/H4t5wr0KReg/G2gFkypRko54tDeYRKuJ5Q==
:pbkdf2:sha512:30000:64:yRQwihex0HO62ctGFQBPJA==:GbJEZYWlcPEnh5HYCv/r5gBApksbDAF0dsDc6cO5xG4h7SOEtMdUUKUYfxpemZiR30yafJrE52+hXW/Pg2IRDQ==
:pbkdf2:sha512:30000:64:+FxrSSeEtWpccAkyjVGOBg==:+ZxlHz2B2s6jkKZmSUtdJUkkGLO23YS9B6ocPBJYgi4aIa3J3nalR6maQxyR7pHG7tB1q3VUNu/meNRVuYoxnA==
:pbkdf2:sha512:30000:64:sVuXGx8lAtmKZcD6zelf5w==:nNJ7a2gLLvugzSiaTtabpAnXWzE4MMIFXIvbJYXFBx8csSaDoiesY1tDw3GMnDQ7mAGDwuZcz7doaE7ud9Pzlg==
Putting sVuXGx8lAtmKZcD6zelf5w== into a base64 decoder gives me a bunch of crazy characters which makes me believe I'm not doing this correctly. e.g. ^^ becomes ±[%ÙeÀúÍé_ç when run through base64decode.org with utf-8 option (which I'm pretty sure it is utf-8)
So yeah all i need to know is how to get crackin on these hashes, even if its simply just changing a couple characters to make it fit hashcat. You dont even have to answer any of my questions if you can just provide a hashtype for hashcat and a correctly formatted hash. Please post or pm me your btc/bch/eth address and i will provide you with the reward.
Thanks and godspeed