SHA-1 Cracking: Unique Salt Handling

G5 Cyber Security

2 weeks ago

TL;DR

Hashcat is the best tool for cracking SHA-1 hashes with unique pre and post salts. It’s highly configurable, supports various attack modes, and offers excellent performance, especially when used with a powerful GPU.

Cracking SHA-1 Hashes with Unique Salts

This guide focuses on cracking SHA-1 hashes where each hash has a different salt applied before *and* after the hashing process. This is more complex than standard SHA-1 cracking, but Hashcat provides the tools to handle it effectively.

Step 1: Understanding the Salt Structure

Before you start, you need to know the structure of your salts. Are they random strings? Fixed length? Do they come from a database or file? Knowing this will influence how you prepare your attack.

Step 2: Preparing Your Wordlist(s)

Basic Wordlist: Start with a common password list (e.g., rockyou.txt).
Salt Combination: If the salts are predictable, create wordlists containing salt combinations. For example, if you have pre-salts and post-salts in separate files, you might need to combine them programmatically. A simple Python script can help:
```
with open('pre_salts.txt', 'r') as f1, open('post_salts.txt', 'r') as f2:
    for pre_salt in f1:
        for post_salt in f2:
            print(pre_salt.strip() + "password" + post_salt.strip())
```
Masks: If the salts have a known pattern but some variability, use Hashcat masks (see Step 5).

Step 3: Installing and Configuring Hashcat

Download Hashcat from https://hashcat.net/. Ensure you have a compatible GPU (Nvidia is generally recommended) and the latest drivers installed.

Step 4: The Basic Hashcat Command

The core command structure for cracking SHA-1 with salts looks like this:

hashcat -m 1600 hashfile.txt wordlist.txt

-m 1600 specifies the SHA-1 algorithm.

Step 5: Handling Unique Pre and Post Salts with Rules

Hashcat rules are powerful for manipulating your wordlists to account for salts. The most useful rule is Rule #3, which prepends and appends data to each password candidate.

Create a Rule File: Create a file (e.g., rules/salt_rule.rule) with the following content:
```
$pre_salt = "your_pre_salt";
$post_salt = "your_post_salt";
$plen = strlen($password);
$pfx = $pre_salt;
$psf = $post_salt;
$rule1 = $pfx . $password . $psf;
```
Replace "your_pre_salt" and "your_post_salt" with the actual salt values. If you have multiple salts, you’ll need more complex rule logic (see below).

Run Hashcat with the Rule:

hashcat -m 1600 hashfile.txt wordlist.txt -r rules/salt_rule.rule

Step 6: Advanced Salt Handling (Multiple Salts)

If you have a large number of salts, using separate rule files for each combination becomes impractical. Consider these approaches:

Masks: Use Hashcat masks to generate all possible salt combinations directly within the command line.
```
hashcat -m 1600 hashfile.txt ?a?a?a?a?a?a wordlist.txt
```
(This example assumes a 6-character salt, where ‘a’ represents any character.) Adjust the mask length and characters as needed.
External Scripting: Write a script to generate a massive wordlist containing all salt combinations before running Hashcat. This is resource intensive but can be effective for limited salt spaces.

Step 7: Optimizing Performance

GPU Usage: Ensure Hashcat is utilizing your GPU fully. Monitor GPU usage during cracking.
Attack Mode: Experiment with different attack modes (e.g., brute-force, dictionary). The best mode depends on the complexity of the passwords and salts.
Hash Type: Double-check that you’re using the correct hash type (-m 1600 for SHA-1).