Hi,
I'm analyzing the password algorithm used by an open source CMS system. I've searched the wiki and studied the help information but can't find the hash format to use.
I know the algo is SHA256 computed on plaintext+salt.
Here's the actual implementation in the source in C#:
Code:
using System;
using System.Security.Cryptography;
using System.Text;

// Returns base64(SHA256(UTF-8 password bytes followed by the raw salt bytes)).
static string GeneratePasswordHash(string password, byte[] salt)
{
    using (var algorithm = new SHA256Managed())
    {
        byte[] plainText = Encoding.UTF8.GetBytes(password);
        // Concatenate password first, then salt.
        byte[] arr = new byte[plainText.Length + salt.Length];
        plainText.CopyTo(arr, 0);
        salt.CopyTo(arr, plainText.Length);
        return Convert.ToBase64String(algorithm.ComputeHash(arr));
    }
}

// Returns 24 random bytes from the system CSPRNG.
static byte[] GenerateHashSalt()
{
    using (var cs = new RNGCryptoServiceProvider())
    {
        var salt = new byte[24];
        cs.GetBytes(salt);
        return salt;
    }
}
Usage would be
string passwordHash = GeneratePasswordHash("1234", GenerateHashSalt());
I've created a new user in the CMS with the password "1234" and the hash and salt are
hash = UojnvzRwPa7I9miZM3SB5cVcd2reD1GXE4aKIoeYLCI=
salt = rapx877Zal8tJwS/xt+m5P8lsoMt2mm3
I would expect the hash mode is 1410 sha256($hash.$salt)
When I try to run hashcat using a simple wordlist it gives me a hash encoding exception
Code:
> hashcat64.exe -a 0 -m 1410 c:\Temp\myhashes.txt c:\Temp\dict.txt
Hashfile 'c:\Temp\myhashes.txt' on line 1 (´╗┐Uoj...rapx877Zal8tJwS/xt+m5P8lsoMt2mm3): Hash-encoding exception
No hashes loaded
I've tried these formats but I keep getting a format exception:
$UojnvzRwPa7I9miZM3SB5cVcd2reD1GXE4aKIoeYLCI=.$rapx877Zal8tJwS/xt+m5P8lsoMt2mm3
UojnvzRwPa7I9miZM3SB5cVcd2reD1GXE4aKIoeYLCI=:rapx877Zal8tJwS/xt+m5P8lsoMt2mm3
What am I doing wrong here?
Cheers
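An added example, not part of the original post and not hashcat's own code: a Python check of the encodings involved in the error above. It assumes what hashcat's generic salted modes such as 1410 take (a hex digest, and a hex salt when `--hex-salt` is given); the sample line is constructed from the post's values with a UTF-8 byte order mark prepended, which is what the bytes EF BB BF look like as `´╗┐` on an OEM code page.

```python
import base64
import hashlib

UTF8_BOM = b"\xef\xbb\xbf"  # rendered as "´╗┐" on an OEM code page console

# Values copied from the post; the BOM-prefixed line is constructed here.
HASH_B64 = "UojnvzRwPa7I9miZM3SB5cVcd2reD1GXE4aKIoeYLCI="
SALT_B64 = "rapx877Zal8tJwS/xt+m5P8lsoMt2mm3"
SAMPLE_LINE = UTF8_BOM + f"{HASH_B64}:{SALT_B64}\r\n".encode("ascii")


def cms_hash(password: str, salt: bytes) -> str:
    """Port of the posted GeneratePasswordHash: base64(SHA256(utf8(password) + salt))."""
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return base64.b64encode(digest).decode("ascii")


def verify(password: str, hash_b64: str, salt_b64: str) -> bool:
    """True only if the stored hash was built from the decoded salt bytes (assumption)."""
    return cms_hash(password, base64.b64decode(salt_b64, validate=True)) == hash_b64


def inspect_line(raw: bytes) -> dict:
    """Describe one 'base64hash:base64salt' line as read from disk, byte for byte."""
    has_bom = raw.startswith(UTF8_BOM)
    text = raw[len(UTF8_BOM):] if has_bom else raw
    hash_b64, sep, salt_b64 = text.strip().decode("ascii").partition(":")
    if not sep:
        raise ValueError("expected hash:salt")
    digest = base64.b64decode(hash_b64, validate=True)
    salt = base64.b64decode(salt_b64, validate=True)
    return {
        "has_bom": has_bom,
        "digest_len": len(digest),          # SHA-256 -> 32 bytes
        "salt_len": len(salt),              # GenerateHashSalt -> 24 bytes
        "salt_printable": all(0x20 <= b < 0x7F for b in salt),
        "hex_line": f"{digest.hex()}:{salt.hex()}",   # hex digest, hex salt
    }


if __name__ == "__main__":
    for key, value in inspect_line(SAMPLE_LINE).items():
        print(f"{key}: {value}")
    print("recomputed hash matches stored:", verify("1234", HASH_B64, SALT_B64))
```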