hashtopolis / server

Hashtopolis - distributed password cracking with Hashcat
GNU General Public License v3.0

[BUG]: Fix broken hash parsing for double salted hashes #1034

Closed davidrozen76 closed 7 months ago

davidrozen76 commented 7 months ago

Version Information

Server 0.14.1, Agent 0.7.1.2

Hashcat

master

Description

While trying to crack double-salted hashes (colon separated), hashtopolis won't parse the salts as needed.

e.g. hashcat module 3730 - md5($salt1.strtoupper(md5($salt2.$pass))) hash is - a213e4cdc1f336f66ccdcb7d7f80f6cc:61646D696E3A3635343332313A:61646D696E3A4C6F67696E20746F20313233343536373A

When adding a task with the hash above, while the agent tries to run the benchmark test, the hashlist is uploaded as - a213e4cdc1f336f66ccdcb7d7f80f6cc 61646D696E3A3635343332313A:61646D696E3A4C6F67696E20746F20313233343536373A

Notice the hash (first field) is properly separated from the first salt (second field) with a tab delimiter, but the third field still has the colon as the separator.

The benchmark command for the agent is - CALL: './hashcat.bin' --machine-readable --quiet --progress-only --restore-disable --potfile-disable --session=hashtopolis -p " " --hex-salt "/root/hashlists/301" "/root/files/wordlist-probable.txt" -r "/root/files/best64.rule" --hash-type=3730 -S -o "/root/hashlists/301.out"

Notice the separator is a TAB delimiter, hence rendering the benchmark test as a failure.

As seen in the agent's hashcat_cracker.php source -

args.append('-p')
args.append('"\t"')

A TAB delimiter is being used, which is just fine.

A solution would be - add support for double salted hashes :D
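
Added example (not part of the original issue and not Hashtopolis code): a sketch of the separator conversion described in the report, showing the single-salt behaviour next to a version that handles any number of salts. The function names and the `salt_count` parameter are assumptions made for illustration; the hash line is the one quoted in the report.

```python
# Added example, not Hashtopolis code. Function names and the salt_count
# parameter are hypothetical, chosen only for this illustration.

# Hash line quoted in the report (hashcat mode 3730, two hex-encoded salts).
REPORTED = ("a213e4cdc1f336f66ccdcb7d7f80f6cc:"
            "61646D696E3A3635343332313A:"
            "61646D696E3A4C6F67696E20746F20313233343536373A")


def convert_single_salt(line, in_sep=":", out_sep="\t"):
    """Behaviour described in the report: only the first separator is
    rewritten, so a second salt stays glued to the first with ':'."""
    return out_sep.join(line.rstrip("\r\n").split(in_sep, 1))


def convert_salted(line, salt_count, in_sep=":", out_sep="\t"):
    """Split into exactly 1 + salt_count fields and re-join with out_sep.

    maxsplit=salt_count rewrites only the expected field boundaries; any
    further in_sep characters remain part of the last salt.
    """
    if salt_count < 0 or not in_sep or not out_sep:
        raise ValueError("invalid salt_count or separator")
    fields = line.rstrip("\r\n").split(in_sep, salt_count)
    if len(fields) != salt_count + 1:
        raise ValueError(
            f"expected {salt_count + 1} fields, got {len(fields)}")
    # A field that already contains out_sep would be split again by the
    # consumer, so reject the line instead of emitting an ambiguous one.
    if any(out_sep in field for field in fields):
        raise ValueError("field contains the output separator")
    return out_sep.join(fields)


if __name__ == "__main__":
    print(repr(convert_single_salt(REPORTED)))   # one tab, one ':' left
    print(repr(convert_salted(REPORTED, 2)))     # two tabs, no ':' left
```

With hex-encoded salts, as in the reported `--hex-salt` run, the fields cannot contain the separator themselves; for raw salts the field count has to come from the hash type, which is why it is an explicit parameter here.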