Hashcat passwordcracking separator unmatched

  • I have the task to crack a bunch of passwords like:

    • $1$V5l3qvml$Q.fDn30gGhjcEIZH8utah/
    • $1$DcuX.dRK$bR4utyGQ4ET4sobpMMtfo0
    • $1$WbXWIqFu$Qu1fT/MmTIvSUz4xw4mlI0
    • $1$8Y7TfkZ5$LnuF99mgFbV1wvQ61dMZB1

    I was only told that these were Linux-like encrypted (I have removed the username: from the front, e.g. sBerhhard: and ::1:0:1:1::: from the end). I have read here that these are shadow style password hashes. Furthermore, I have tried to use hashcat 0.49 to crack these passwords. However, when trying the following command I got the following result and I cannot figure out why:

    hashcat-cli64 -m 10 -o found.txt ..\..\1 dictionaries\Top10000.dic
    

    enter image description here

    I have also tried the example from here, and it worked, so I probably have an error in the command.

    enter image description here

    I am using the dictionary of InsidePro. Am I using the right m parameter (md5($pass.$salt))? If not, what would be the proper one?

  • Daniel

    Daniel Correct answer

    6 years ago

    I believe those hashes are MD5(Unix) format, so -m500. You can compare your hashes to the ones here: hashcat.net/wiki/doku.php?id=example_hashes.

    By the way, $1$DcuX.dRK$bR4utyGQ4ET4sobpMMtfo0:bb

    Thank you for the link. However, I don't quite understand why :bb at the end. I have stated in my post that I have removed ::1:0:1:1::: from the end of each of the passwords.

    When I tested to make sure I had the right format I put the hashes into hashcat and it cracked one with a password of bb, so I posted it in the hash:plain format.

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM