Users
administrator
richard
emily
user1
mack
PASSWORD :
1bf0a9561cf076c5fc0d76e140788a91b5281609c384791839fd6e9996d3bbf5c91b8eee6bd5081e42085ed0be779c2ef86d
4b4b53766fe946e7e291b106fcd6f4962934116ec9ac78a99b3bf6b06cf8568aaedd267ec02b39aeb244d83fb8b89c243b5e
97907280dc24fe517c43475bd218bfad56c25d4d11037d8b6da440efd4d691adfead40330b2aa6aaf1f33621d0d73228fc16
ed965f6fe844c3154e5967478717e6a7e7551f4d0067c5971bb6e01642e0d6d3f65bdb5b95fff896c2c3aa906710a246aef2
98bbf4f3efe4320d06c72644f24f736f6c103b268807574fa557109afc59d89500117fc51519ee860f64b7e839f2c478ceb3
SALT: 
a45c43d36dce3076158b19c2c696ef7b
d7cf2c96277dd16d95ed5c33bb524b62
227d873cca89103cd83a976bdac52486
595c96f4fd14b967d280d55d5d64444d
e97f5fa922e70c65094eba6450f0ef15
Hey guys, I'm trying to pass this level on HTB but I can't find the error in the formation of the hash

He would be ? Hashcat

User:5000:salt:hash

admin:5000:a45c43d36dce3076158b19c2c696ef7b:1bf0a9561cf076c5fc0d76e140788a91b5281609c384791839fd6e9996d3bbf5c91b8eee6bd5081e42085ed0be779c2ef86d

Following the post I saw on the internet, he makes a script in Python and uses sha256 and it works and he gets Emily's pass.

I wanted to try using hashcat or jonhrriper

hashcat -m 10900 -a 0 hashes.txt rockyou.txt
I would like to know where the error is in the formation of the hash. To help you, I'm going to use the username(emily) and pass(12345678)

 pbkdf2$50000$50



emily:5000:227d873cca89103cd83a976bdac52486:97907280dc24fe517c43475bd218bfad56c25d4d11037d8b6da440efd4d691adfead40330b2aa6aaf1f33621d0d73228fc



I just need this to run on hashcat
descobri o erro  pbkdf2$50000$50 é Simples temos de formatar o Salt e hash

 user:<iterações>:<base64_salt>:<base64_hash>

ou

sha256:<iterações>:<base64_salt>:<base64_hash>

Converter hash and sal script 

 import base64

def hex_to_base64(hex_string):
    """Converte uma string hexadecimal para Base64."""
    return base64.b64encode(bytes.fromhex(hex_string)).decode('utf-8')

# Solicita os dados ao usuário
iterations = input("Digite o número de iterações: ")
hex_salt = input("Digite o salt em hexadecimal: ")
hex_hash = input("Digite o hash em hexadecimal: ")

# Converte o salt e o hash para Base64
base64_salt = hex_to_base64(hex_salt)
base64_hash = hex_to_base64(hex_hash)

# Exibe o resultado no formato desejado
formatted_string = f"sha256:{iterations}:{base64_salt}:{base64_hash}"
print("String formatada:", formatted_string)

hashcat 

sudo hashcat -m 10900 -a 0 -w 3 -O sha256:50000:In2HPMqJEDzYOpdr2sUkhg==:l5BygNwk/lF8Q0db0hi/rVbCXU0RA32LbaRA79TWka3+rUAzCyqmqvHzNiHQ1zIo/BY= rockyou.txt 


 
Responder

Volver a “Dudas y Preguntas”