Cracking OpenCart hashes with JtR
Dhiru Kholia edited this page Oct 26, 2015
·
2 revisions
mysql> select * from oc_user;
+---------+---------------+----------+------------------------------------------+-----------+...
| user_id | user_group_id | username | password | salt |...
+---------+---------------+----------+------------------------------------------+-----------+...
| 1 | 1 | admin | c15552d8ef39cc5ac827e3d6548621e24c161334 | eb3dfe5d9 |...
+---------+---------------+----------+------------------------------------------+-----------+...
1 row in set (0.00 sec)
$ cat wordlist
password123
openwall
$ cat OpenCart-sample-hash
c15552d8ef39cc5ac827e3d6548621e24c161334$eb3dfe5d9
$ ../run/john -form=dynamic='sha1($s.sha1($s.sha1($p)))' OpenCart-sample-hash -w=wordlist
Loaded 1 password hash (dynamic=sha1($s.sha1($s.sha1($p))) [128/128 SSE4.1 4x2])
Press 'q' or Ctrl-C to abort, almost any other key for status
openwall (?)
...
Session completed
$ ../run/john -form=dynamic='sha1($s.sha1($s.sha1($p)))' --test # Intel N2840 CPU
Benchmarking: dynamic=sha1($s.sha1($s.sha1($p))) [128/128 SSE4.1 4x1]... DONE
Many salts: 903840 c/s real, 922285 c/s virtual
Only one salt: 823200 c/s real, 857500 c/s virtual
Jim's dynamic compiler is awesome! 👍