hashcat for md5($salt.$pass)

Question

How could i use hashcat to crack this hash?

Syntax:

md5(eWVzX3RoaXNfaXNfdmVyeV9sb25nX3NhbHRfdG9vpassword@123) = 531e89f00f009ced5e0001e33758d3c3

Salt: eWVzX3RoaXNfaXNfdmVyeV9sb25nX3NhbHRfdG9v

Plaintext: password@123

MD5: 531e89f00f009ced5e0001e33758d3c3

I have used following syntax and got Line-length exception error.

Syntax used:

1. hashcat -a 0 -m 0 hash_pass rockyou.txt
2. hashcat -a 0 -m 30 hash_pass rockyou.txt

Error:

Hashfile 'hash_pass' on line 1 (eWVzX3RoaXNfaXNfdmVyeV9sb25nX3NhbHRfdG9vpassword@123): Line-length exception

I know the salt. I have a wordlist. I have MD5 of above, i.e. md5($salt.$pass)

I am not sure, how to use hashcat to solve this challenge.

Request help.

Answer 1

In this example, the salt is '123'.

$ echo -n 'password123' | md5sum
482c811da5d5b4bc6d497ffa98491e38  -

$ cat test.hash
482c811da5d5b4bc6d497ffa98491e38:123

$ echo "password" | hashcat --quiet -m 10 -a 0 -o test.out test.hash
$

$ cat test.out
482c811da5d5b4bc6d497ffa98491e38:123:password

(Note that --quiet is optional, and there to make my demonstration output simpler. And I use -a 3 for simplicity also, your attack will vary)

Answer 2

1. Find the right hash mode in HashCat. As you have salt before password it is md5($salt.$pass) -> mode 20.

2. Provide both hash and salt to Hashcat (in your hash_pass file).
   File format: $hash:$salt,
   In your case hash_pass should contain: 531e89f00f009ced5e0001e33758d3c3:eWVzX3RoaXNfaXNfdmVyeV9sb25nX3NhbHRfdG9v

3. Put everything together and enjoy:

hashcat -a 0 -m 20 hash_pass rockyou.txt