
PBKDF2-HMAC-SHA256

Example Hash

This hash is from a recent CTF, so there are no concerns about making it public.

pbkdf2:sha256:600000$I5bFyb0ZzD69pNX8$e9e4ea5c280e0766612295ab9bff32e5fa1de8f6cbb6586fab7ab7bc762bd978

Formatting for Hashcat

Hashcat Requirements

Show Example Hash

hashcat --hash-info -m 10900

Show details on hashcat expected formatting


  Example.Hash........: sha256:1000:NjI3MDM3:vVfavLQL9ZWjg8BUMq6/FB8FtpkIGWYk
                        |    | |  | |      | |                              |
                        '-|--' '-|' '---|--' '----------------|-------------'
                          |      |      |                     '.______Base64-Encoded Hash
                          |      |      |
                          |      |      '._________Base64-Encoded Salt
                          |      |
                          |      '._______ Number of Iterations
                          |
                          '._____ Algorithm

Both the salt and the hash are expected to be base64-encoded, and all fields must be separated by a :

Re-Encoding Our Hash

Problem

pbkdf2:sha256:600000$I5bFyb0ZzD69pNX8$e9e4ea5c280e0766612295ab9bff32e5fa1de8f6cbb6586fab7ab7bc762bd978
                     |             |  |                                                              |
                     '------|------'  '-------------------------------|------------------------------'
                            |                                         |
                            |                                         |
                            |                                         '.__Hexadecimal-encoded hash
                            '._________Base64-encoded salt


We know the hash is hexadecimal because its characters are exclusively 0-9 and a-f (a 64-character hex string is a 32-byte SHA-256-sized digest).

Current hash format

Why Hashcat won't Recognize Our Hash

  • ❌ Hashcat requires all fields to be separated by a : -- the current hash mixes $ and :
  • ✅ Hashcat requires the salt to be base64-encoded -- it already is
  • ❌ Hashcat requires the hash to be base64-encoded -- it is currently hexadecimal

It's possible your hash already meets these requirements. Different applications use different encodings. In the case of the example hash at the top of this page, the hash is encoded in hexadecimal.

If your hash and salt are both already base64-encoded, then you do not need to re-encode the hash as shown below.

Solution

Re-Encode the Hash
echo -n 'e9e4ea5c280e0766612295ab9bff32e5fa1de8f6cbb6586fab7ab7bc762bd978' | xxd -r -p | base64

Convert the original hash value from hexadecimal to base64: xxd -r -p turns the hex text back into raw bytes, and base64 encodes those bytes.

Save the New Hash to a File
echo 'sha256:600000:I5bFyb0ZzD69pNX8:6eTqXCgOB2ZhIpWrm/8y5fod6PbLtlhvq3q3vHYr2Xg=' > hash.txt
  • ✅ All fields separated by :
  • ✅ Salt is base64-encoded
  • ✅ Hash is base64-encoded
hashcat -a 0 -m 10900 hash.txt rockyou.txt
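The conversion above, as an added Python example (not code from the original page or from hashcat), generalised to any hash in the pbkdf2:<algo>:<iterations>$<salt>$<hex> layout, plus the check a practitioner wants before a long run: verify_hashcat_line recomputes PBKDF2 exactly as hashcat parses a -m 10900 line (both the salt and the hash fields base64-decoded), so a converted line can be confirmed against a known test password. The function names, the salt_is_base64 option and the sample password/salt are constructed for this example. Because hashcat base64-decodes the salt field, the default path base64-encodes the salt text, which is what hashcat's own example hash on this page shows (NjI3MDM3 is the base64 of the text 627037); salt_is_base64=True copies the salt through unchanged, which is the reading used for the page's example.

```python
import base64
import hashlib
import hmac

# The page's example hash (public, from a CTF) in the
# pbkdf2:<algo>:<iterations>$<salt>$<hex digest> layout.
PAGE_HASH = (
    "pbkdf2:sha256:600000$I5bFyb0ZzD69pNX8$"
    "e9e4ea5c280e0766612295ab9bff32e5fa1de8f6cbb6586fab7ab7bc762bd978"
)


def parse_app_hash(app_hash: str):
    """Split pbkdf2:<algo>:<iterations>$<salt>$<hex> into its fields."""
    header, salt, hexdigest = app_hash.split("$")
    scheme, algo, iterations = header.split(":")
    if scheme != "pbkdf2":
        raise ValueError(f"unexpected scheme {scheme!r}")
    # The "is it hex?" observation from the page as a hard check:
    # bytes.fromhex raises ValueError on any character outside 0-9/a-f.
    digest = bytes.fromhex(hexdigest)
    return algo, int(iterations), salt, digest


def to_hashcat_10900(app_hash: str, salt_is_base64: bool = False) -> str:
    """Build a hashcat -m 10900 line: <algo>:<iterations>:<b64 salt>:<b64 hash>.

    hashcat base64-decodes the salt field before use. By default the salt
    characters are treated as the raw salt bytes and base64-encoded here
    (assumption about the source application). If the stored salt is already
    base64 text, pass salt_is_base64=True to copy it through unchanged.
    """
    algo, iterations, salt, digest = parse_app_hash(app_hash)
    if algo != "sha256":
        raise ValueError("mode 10900 is PBKDF2-HMAC-SHA256 only")
    salt_b64 = salt if salt_is_base64 else base64.b64encode(salt.encode()).decode()
    digest_b64 = base64.b64encode(digest).decode()  # same as: xxd -r -p | base64
    return f"{algo}:{iterations}:{salt_b64}:{digest_b64}"


def verify_hashcat_line(line: str, password: str) -> bool:
    """Recompute PBKDF2 the way hashcat parses a -m 10900 line.

    Both the salt and the hash fields are base64-decoded and the derived-key
    length is taken from the decoded hash. Run this with a known test password
    to confirm a converted line is correct before handing it to hashcat.
    """
    algo, iterations, salt_b64, digest_b64 = line.split(":")
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    got = hashlib.pbkdf2_hmac(
        algo, password.encode(), salt, int(iterations), dklen=len(expected)
    )
    return hmac.compare_digest(got, expected)


def make_app_hash(password: str, salt: str, iterations: int = 1000) -> str:
    """Constructed helper: produce a hash in the application layout, using the
    salt characters as raw UTF-8 bytes (assumption, see above)."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return f"pbkdf2:sha256:{iterations}${salt}${digest.hex()}"


if __name__ == "__main__":
    # The page's conversion: salt copied through, hex digest re-encoded.
    print(to_hashcat_10900(PAGE_HASH, salt_is_base64=True))
    # The same hash with the salt text base64-encoded for hashcat.
    print(to_hashcat_10900(PAGE_HASH))
    # Round-trip a constructed hash with a known password to exercise the check.
    sample = make_app_hash("correct-horse", "abcd1234")
    print(verify_hashcat_line(to_hashcat_10900(sample), "correct-horse"))
```

If verify_hashcat_line returns False for a line built from a hash whose password you know, the salt encoding is the first thing to revisit: the two salt variants produce different lines, and only one of them matches the bytes the application actually fed to PBKDF2.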