Basic SHA1 - How to Improve?
by AngryWeirdo - February 20, 2021 at 05:49 AM
#1
This is what I did to "crack" all 33 million LinkedIn (email, SHA1 hashed passwords).

=> Basic tutorial below
=> But when I try to "crack" the Zynga (email, salted SHA1 hashed passwords) I can't crack even one
=> Has anyone managed to reverse the "salt" that's applied to the SHA1?

*********************

Own a gaming GPU (Radeon 5700 XT cracks 100k accounts per hour when they're dictionary based)
Extract the SHA1 hash from whatever TXT/CSV file it's in from the usernames and other DB info
Cut the email + hash if comma delimited so that we have something to join into later. Assuming Col5 and Col8 are of interest (but adjust as necessary)
% cat giant_txt_file.txt | cut -f 5,8 -d, > user_hashes.txt

Again, cut out only the hashes
% cat user_hashes.txt | cut -f 2 -d, >myhashes.txt
% uniq or sort or grep -v "xxx" if there are missing hashes to clean up the file

If not salted, use hashcat to run through a dictionary (rockyou.txt) 
% hashcat -m 100 -a 0 -o logging.txt myhashes.txt rockyou.txt

Expect about 100k per hour of cracked user IDs if the passwords are there.
Check the ~/.hashcat/*.potfile for progress
% tail -f logging.txt

When finished, copy the ~/.hashcat/*.potfile into the same location as user_hash.txt
% sort -t , -k 1,1 myPasswords.potfile > sort1.csv
% sort -t , -k 1,1 user_hashes.txt >sort2.csv

Assuming the hash is the first (comma delimited) column of both files, we can join them
% join -t , -1 1 -2 1 sort1.csv sort2.csv >merged.csv
#2
Many thanks for this fast tutorial.
#3
Very helpful, I will try to expand this for other algorithms. Any idea for bcrypt cracking?

To your point: Salts are supposed to be secret (and effectively make all passwords 64+ chars in length) so you will have trouble brute forcing this without knowing each individual salt.
#4
(February 21, 2021 at 10:23 PM)rmuscle24 Wrote: Very helpful, I will try to expand this for other algorithms. Any idea for bcrypt cracking?

To your point: Salts are supposed to be secret (and effectively make all passwords 64+ chars in length) so you will have trouble brute forcing this without knowing each individual salt.

salts are secret-ish... they're generally stored in plaintext with the password. sort of a "when you calculate the hash of the password, concatenate these characters to it". but yeah, the main point of them is to make it harder/impossible to crack a ton in bulk since you'd basically have to bruteforce or rainbow table each password one by one because the same password with a different salt will yield a different hash
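
Added example, not part of the thread or any poster's code: a defender-side sketch of the point in the post above about per-user salts. Identical passwords collapse to one digest under bare SHA1 but not under salted SHA1, and a slow salted KDF is shown as the storage form. The account list, function names and iteration count are assumptions, and PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt, which the thread mentions but the standard library does not provide.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not from any real data set); two users share a password.
ACCOUNTS = [("alice@example.com", "sunshine1"),
            ("bob@example.com", "sunshine1"),
            ("carol@example.com", "correct horse battery")]
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def unsalted_sha1(password):
    """Bare SHA1: equal passwords always give equal digests."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_sha1(password, salt):
    """Per-user salt prepended to the password; still a single fast hash."""
    return hashlib.sha1(salt + password.encode()).hexdigest()

def distinct_digests(scheme):
    """Number of distinct stored values across ACCOUNTS under a scheme."""
    if scheme == "unsalted":
        return len({unsalted_sha1(pw) for _, pw in ACCOUNTS})
    if scheme == "salted":
        return len({salted_sha1(pw, os.urandom(16)) for _, pw in ACCOUNTS})
    raise ValueError("unknown scheme: " + scheme)

def store_password(password):
    """Hardened form: random salt plus a deliberately slow KDF.
    The salt is not secret and is stored next to the derived key."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key

def verify_password(password, salt, key):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)

if __name__ == "__main__":
    print("distinct unsalted digests:", distinct_digests("unsalted"))
    print("distinct salted digests:  ", distinct_digests("salted"))
    salt, key = store_password("sunshine1")
    print("correct password verifies:", verify_password("sunshine1", salt, key))
    print("wrong password verifies:  ", verify_password("sunshine2", salt, key))
```

A salt only removes the bulk advantage of precomputed or shared work; the per-guess cost comes from the slow KDF, which is why the fast salted SHA1 form is still a weak storage choice.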
#5
@AngryWeirdo, @Peter_Pettigrew, thanks for the great info.
#6
when running hashcat, you might want to also add a rule file to automate some of the permutations to the rockyou passwords, which should increase your hits
#7
(February 20, 2021 at 05:49 AM)AngryWeirdo Wrote: This is what I did to "crack" all 33 million LinkedIn (email, SHA1 hashed passwords).

=> Basic tutorial below
=> But when I try to "crack" the Zynga (email, salted SHA1 hashed passwords) I can't crack even one
=> Has anyone managed to reverse the "salt" that's applied to the SHA1?

*********************

Own a gaming GPU (Radeon 5700 XT cracks 100k accounts per hour when they're dictionary based)
Extract the SHA1 hash from whatever TXT/CSV file it's in from the usernames and other DB info
Cut the email + hash if comma delimited so that we have something to join into later. Assuming Col5 and Col8 are of interest (but adjust as necessary)
% cat giant_txt_file.txt | cut -f 5,8 -d, > user_hashes.txt

Again, cut out only the hashes
% cat user_hashes.txt | cut -f 2 -d, >myhashes.txt
% uniq or sort or grep -v "xxx" if there are missing hashes to clean up the file

If not salted, use hashcat to run through a dictionary (rockyou.txt) 
% hashcat -m 100 -a 0 -o logging.txt myhashes.txt rockyou.txt

Expect about 100k per hour of cracked user IDs if the passwords are there.
Check the ~/.hashcat/*.potfile for progress
% tail -f logging.txt

When finished, copy the ~/.hashcat/*.potfile into the same location as user_hash.txt
% sort -t , -k 1,1 myPasswords.potfile > sort1.csv
% sort -t , -k 1,1 user_hashes.txt >sort2.csv

Assuming the hash is the first (comma delimited) column of both files, we can join them
% join -t , -1 1 -2 1 sort1.csv sort2.csv >merged.csv

Many thanks for this tutorial!
#8
Great tutorial, how many GPUs are involved?
#9
would like to know how many GPUs were used
#10
nice cracking tutorial thanks
#11
very in depth and deff worth a decent amount of thanks from avid students
#12
any update on gpus??