[25$ reward] Need help in formatting/modifying Mediawiki pbkdf2:sha512 hashes

quickquestionthanks

Active member
Feedback: 0 / 0 / 0
Joined
Dec 30, 2019
Messages
33
Reaction score
0
Credits
0
Hey guys, i dont need a hash cracked, but i would really appreciate if someone could tell me what type of settings/formatting i should use to begin hitting these with hashcat.

25$ REWARD IN BITCOIN FOR AN ANSWER

So i already know a decent amount about it but theres one issue I'm having which i will bring up shortly.

So i'm trying to crack a mediawiki password that seems to follow the exact format defined here: https://www.mediawiki.org/wiki/Manual:User_table#user_password
[quote from link above]
"The string ":pbkdf2:".
The hashing algorithm used inside the pbkdf2 layer, by default "sha512".
The colon character (":").
The cost for this algorithm, by default "30000".
The colon character (":").
The length of the derived key; "64" by default.
The colon character (":").
Base64 encoded "salt" of the hashing algorithm, e.g. "kkdejKlBYFV7+LP2m2thYA=="
The colon character (":").
And finally the base64 encoded result of the hashing algorithm (that had a (default) length of 128 byte before base64 encoding). The hash of the plain text user password."

Here is an example of a hash i would like to crack

:pbkdf2:sha512:30000:64:pTZbnTciQe0ZgnSp3pkIWg==:xPFTrQagJw1kfDv1k0jBiTUTPFKxuvpyLQj0qA6I3UT++z5wnZeOGuitkvCtdVrvrXCQbOeHMKOZj3P0zrYlcA==

There's two issues i'm having.

1. It says that the salt ans hash are base64 encoded, but doesnt base64 not include + and / and stuff? i cant get any meaningful base64 decode from one of these. Does anyone have any insight on this? i've seen similar hashes being posted and cracked on here but without details regarding how.

2. What is the format to put into hashcat/what hash type is it? Because i know sometimes you need to change seperators into $ (e.g. :pbkdf2:sha512:30000:[...] becomes $pbkdf2$sha512$30000$[...])


I hope this post makes sense. Here are some additional hashes in case anyone wants a bigger dataset to test on but i dont need them cracked, i have an 12 x 1070 setup. if this is the wrong section I'm sincerely sorry and i will post in the right section and delete my post.

:pbkdf2:sha512:30000:64:9e9Z1U5/pTf4N6ROxlfozA==:rIicKd08KVoP+SGixqWCdHQV0/ZCBeBEzIEQqDoCgQjLg+DUzJrJuhRyQJmYILkmpZ6UwGbd6RwezFncZFqx0g==
:pbkdf2:sha512:30000:64:7zB8/31ZssqpXMN0bNbUmw==:xLOWo9Hurd1RmXFSvUiFpzXuvHSb9rLQUNJjeBIysvLl1Ek5Pl6MVq9Z0NsIpmYuisawFc2yEThFm92j111/+g==
:pbkdf2:sha512:30000:64:t+eZfNd1AA8ylFSsq9UWkw==:lyWLL/UP81sVghkSz8lY7fJSgRgb8QEcAw6w9fU5OGNfn3zSsxRWCcgrZ0QCnNcA5qr81AXYhrQfQwVWhgERTQ==
:pbkdf2:sha512:30000:64:1lG7/L9CEI6YAlggOo3RNw==:oJ2Wq073+R8SulmpncQDmyNCMyUE8YT0v6vM07780tw0vn7A/6b+VTF9cz9DPcNQ+zw9Uhez7J+Atn8ehy+TrQ==
:pbkdf2:sha512:30000:64:de16p4iX6YXtwRzlum1nvQ==:evTVQ3E97XgsF8DNt7Z+XSpnyt/1P3c8Kp98IVZmsFNfsAEUnI2233QIo/NBgDdVghNsnKjMCdPNB1vCwzsJ/w==
:pbkdf2:sha512:30000:64:bZi2FTrLhAW7So2kuf3FCQ==:mCWwWtXIqaGb+1aKxJ9u5QnS0bA/R4w8P6bhbgFM2+6DKLWYex9/H4t5wr0KReg/G2gFkypRko54tDeYRKuJ5Q==
:pbkdf2:sha512:30000:64:yRQwihex0HO62ctGFQBPJA==:GbJEZYWlcPEnh5HYCv/r5gBApksbDAF0dsDc6cO5xG4h7SOEtMdUUKUYfxpemZiR30yafJrE52+hXW/Pg2IRDQ==
:pbkdf2:sha512:30000:64:+FxrSSeEtWpccAkyjVGOBg==:+ZxlHz2B2s6jkKZmSUtdJUkkGLO23YS9B6ocPBJYgi4aIa3J3nalR6maQxyR7pHG7tB1q3VUNu/meNRVuYoxnA==
:pbkdf2:sha512:30000:64:sVuXGx8lAtmKZcD6zelf5w==:nNJ7a2gLLvugzSiaTtabpAnXWzE4MMIFXIvbJYXFBx8csSaDoiesY1tDw3GMnDQ7mAGDwuZcz7doaE7ud9Pzlg==

Putting sVuXGx8lAtmKZcD6zelf5w== into a base64 decoder gives me a bunch of crazy characters which makes me believe I'm not doing this correctly. e.g. ^^ becomes ±[%ÙeÀúÍé_ç when run through base64decode.org with utf-8 option (which I'm pretty sure it is utf-8)

So yeah all i need to know is how to get crackin on these hashes, even if its simply just changing a couple characters to make it fit hashcat. You dont even have to answer any of my questions if you can just provide a hashtype for hashcat and a correctly formatted hash. Please post or pm me your btc/bch/eth address and i will provide you with the reward.

Thanks and godspeed
 

techtrip

3dfx Voodoo4 x 2
Contributor
Feedback: 0 / 0 / 0
Joined
Dec 30, 2019
Messages
4,185
Reaction score
1,114
Credits
2,158
Hashcat mode: 12100

PBKDF2-HMAC-SHA512
Example:
sha512:1000:ODQyMDEwNjQyODY=:MKaHNWXUsuJB3IEwBHbm3w==
 

quickquestionthanks

Active member
Feedback: 0 / 0 / 0
Joined
Dec 30, 2019
Messages
33
Reaction score
0
Credits
0
techtrip said:
Hashcat mode: 12100

PBKDF2-HMAC-SHA512
Example:
sha512:1000:ODQyMDEwNjQyODY=:MKaHNWXUsuJB3IEwBHbm3w==

give me one moment and let me try it that out. How come the last part of the hash is significantly longer than the example posted? appreciate the help and brb
 

techtrip

3dfx Voodoo4 x 2
Contributor
Feedback: 0 / 0 / 0
Joined
Dec 30, 2019
Messages
4,185
Reaction score
1,114
Credits
2,158
Just looks like a longer salt. You won't be able to use an optimized kernel. In other words don't use "-O" in your command line.
 

techtrip

3dfx Voodoo4 x 2
Contributor
Feedback: 0 / 0 / 0
Joined
Dec 30, 2019
Messages
4,185
Reaction score
1,114
Credits
2,158
Attached are your hashes. Use this command:

hashcat -m12100 1.txt -w4 -a0 wordlist.txt
 

techtrip

3dfx Voodoo4 x 2
Contributor
Feedback: 0 / 0 / 0
Joined
Dec 30, 2019
Messages
4,185
Reaction score
1,114
Credits
2,158
Yes and thanks for your generosity! I'm running those few hashes and I'll let you know if I get any hits. If you need help with any more just let me know.
 

quickquestionthanks

Active member
Feedback: 0 / 0 / 0
Joined
Dec 30, 2019
Messages
33
Reaction score
0
Credits
0
txid: dbb5abfc2f4eb8245fba03367e489158c0d2b196fe176f8848f325133d501999

sent 40$ for your over the top kindness. really appreciate it. i have about 2700 hashes and if i run them for a couple hours without a single hit i will see if theres any issues in the setup.
 
Top