Re: How to encode/decode an SSHA256 hash?

Crunch on $salt.$password:

#! /usr/bin/perl

use Digest::SHA 'sha256';
use MIME::Base64;

use Data::Dumper;
$Data::Dumper::Useqq = 1;

my ($hash, $salt) = unpack("a32 a*", decode_base64("KGOnPYya2qwhF9w4xK
+157EZZ/RqIxParohltZWU7h2T/VGjNRA=="));
print Dumper {SALT => $salt, DIGEST => $hash};

my $guess = "VMware1234!";
print Dumper {SALT => $salt, DIGEST => sha256($salt . $guess), TEST =>
+ $guess};
[download]

Comment on Re: How to encode/decode an SSHA256 hash? Select or Download Code

Replies are listed 'Best First'.
Re^2: How to encode/decode an SSHA256 hash? by FloydATC (Deacon) on Nov 20, 2014 at 11:08 UTC
This is EXACTLY what I was looking for, thank you so much!! Because I'm 99% sure I know the last few characters, my bruteforcer now looks like this: #!/usr/bin/perl use Digest::SHA 'sha256'; use MIME::Base64; use Data::Dumper; $Data::Dumper::Useqq = 1; #my $target = "KGOnPYya2qwhF9w4xK157EZZ/RqIxParohltZWU7h2T/VGjNRA=="; +# VMware1234! my $target = "(my actual hash goes here)"; # Unknown my ($hash, $salt) = unpack("a32 a", decode_base64($target)); my $chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTU +VWXYZ.,-_\|!#%=+?'"; my $base = length($chars); my $guess = ""; my $known = "(the known part of the password goes here)"; my $count = -1; while (1) { my $digest = sha256($salt . $guess . $known); if ($digest eq $hash) { print "Password: '$guess$known'\n"; exit; } $count++; my $temp = $count; $guess = ""; while ($temp) { $guess = substr($chars, ($temp % $base), 1) . $guess; $temp = int($temp / $base); } print "Searching for $target: ($count) '$guess$known'\n" unless $cou +nt % 1000000; } [download] -- FloydATC Time flies when you don't know what you're doing	[reply] [d/l]

Replies are listed 'Best First'.

Re^2: How to encode/decode an SSHA256 hash?
by FloydATC (Deacon) on Nov 20, 2014 at 11:08 UTC

This is EXACTLY what I was looking for, thank you so much!!

Because I'm 99% sure I know the last few characters, my bruteforcer now looks like this:

#!/usr/bin/perl

use Digest::SHA 'sha256';
use MIME::Base64;

use Data::Dumper;
$Data::Dumper::Useqq = 1;

#my $target = "KGOnPYya2qwhF9w4xK157EZZ/RqIxParohltZWU7h2T/VGjNRA=="; 
+# VMware1234!
my $target = "(my actual hash goes here)"; # Unknown
my ($hash, $salt) = unpack("a32 a*", decode_base64($target));


my $chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTU
+VWXYZ.,-_|!#%=+?'*";
my $base = length($chars);
my $guess = "";
my $known = "(the known part of the password goes here)";
my $count = -1;

while (1) {
  
  my $digest = sha256($salt . $guess . $known);
  if ($digest eq $hash) {
    print "Password: '$guess$known'\n";
    exit;
  }

  $count++;
  my $temp = $count;
  $guess = "";
  while ($temp) {
    $guess = substr($chars, ($temp % $base), 1) . $guess;
    $temp = int($temp / $base);
  }
  
  print "Searching for $target: ($count) '$guess$known'\n" unless $cou
+nt % 1000000;
}
[download]

-- FloydATC

Time flies when you don't know what you're doing

[reply]
[d/l]