How to crack a SHA512 Linux password hash with oclHashcat on Linux.

Posted: October 29, 2015. At: 12:19 PM. This was 2 years ago. Post ID: 8478
Page permalink.
WordPress uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters. These cookies expire two weeks after they are set.

Cracking a SHA512 Debian password hash with oclhashcat on Debian 8.0. I am using a Radeon HD6670 card and I created a user with the crappy password of “password”. Then I downloaded oclHashcat 1.37 and used this to crack the password using the GPU.

This is the password hash in the /etc/shadow file.

fred:$6$5l70Gupv$xBTxhCSexudn5jJ9hampIfTK0KIR3nqK1K1Rxye.OA5obtKArO7jgftjJtVSdp31MPxItEPmOuWhbgBvp0wqn.:16737:0:99999:7:::

The salt of the password hash is the first section:

5l70Gupv

And the hash is the next part of the line:

xBTxhCSexudn5jJ9hampIfTK0KIR3nqK1K1Rxye.OA5obtKArO7jgftjJtVSdp31MPxItEPmOuWhbgBvp0wqn.

The $ sign is the delimiter between the salt and the hash in a shadow password file entry. $6 defines this as a SHA512 password hash.

I needed to edit this file to remove the extraneous data and leave just the hash.

$6$5l70Gupv$xBTxhCSexudn5jJ9hampIfTK0KIR3nqK1K1Rxye.OA5obtKArO7jgftjJtVSdp31MPxItEPmOuWhbgBvp0wqn.

Then I could use hashcat and rockyou.txt from Kali Linux to attack this hash and get the users password.

john@hackerbox:~/Documents/oclHashcat-1.37$ ./oclHashcat64.bin -m 1800 -o output.txt ../passhash ../wordlists/rockyou.txt --force
oclHashcat v1.37 starting...
 
Device #1: Turks, 512MB, 800Mhz, 6MCU   
 
Hashes: 1 hashes; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Applicable Optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: Kernel ./kernels/4098/m01800.Turks_1526.3_1526.3_1439892092.kernel (1165084 bytes)
Device #1: Kernel ./kernels/4098/amp_a0_v1.Turks_1526.3_1526.3_1439892092.kernel (304324 bytes)
 
INFO: removed 1 hash found in pot file
 
 
Session.Name...: oclHashcat
Status.........: Cracked
Input.Mode.....: File (../wordlists/rockyou.txt)
Hash.Target....: $6$5l70Gupv$xBTxhCSexudn5jJ9hampIfTK0KIR3...
Hash.Type......: sha512crypt, SHA512(Unix)
Time.Started...: 0 secs
Speed.GPU.#1...:        0 H/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 0/0 (100.00%)
Rejected.......: 0/0 (100.00%)
Restore point..: 0/0 (100.00%)
HWMon.GPU.#1...:  0% Util, 31c Temp, 40% Fan
 
Started: Thu Oct 29 21:15:32 2015
Stopped: Thu Oct 29 21:15:33 2015

This is the output I received after cracking the password with oclHashcat.

john@hackerbox:~/Documents/oclHashcat-1.37$ cat output.txt
$6$5l70Gupv$xBTxhCSexudn5jJ9hampIfTK0KIR3nqK1K1Rxye.OA5obtKArO7jgftjJtVSdp31MPxItEPmOuWhbgBvp0wqn.:password

And now I have the users password. That is how simple this is, but you need a wordlist with the password in it and this consumes a very large amount of disk space. I have cracked a pin hash with a wordlist generated with crunch, but it was 60 gigabytes. A wordlist that contained all possible 4 digit numbers would have been 150 Petabytes. Luckily, this pin code only used certain numbers and therefore the wordlist of all possible pin numbers was less than that. The rockyou.txt file may be downloaded here: http://scrapmaker.com/download/data/wordlists/dictionaries/rockyou.txt This is quite a comprehensive wordlist and I have used this to crack a couple of things. More wordlists are available here: https://github.com/danielmiessler/SecLists/tree/master/Passwords.

The mkpasswd command allows the creation of a password hash on Linux.

Here is an example. The salt is randomly generated. This is generating a password hash with the password “password” three times and we get a different result each time. But when I put one of these password hashes on an actual Linux system, I was able to login. So this does work.

ubuntu ~ $ mkpasswd -m SHA-512
Password:
$6$WXYsgsCwknMup$HPiIFSkNfApJ/U1jmrGhNdrmeUvS/xgttmojICueacwcXZJukeMkJ7hBoSknGKInkHG/RIID1Q0EJV4UjFP321
ubuntu ~ $ mkpasswd -m SHA-512
Password:
$6$4WSJMQBe3h$fVIZsVcvR2ZCv9BJdvxT.GpEHNlSJYH0GTv6Lh20sCMrowL1d.wpJzbZ/fz.xIMjGckQhWG7aPnhswksGxs5l1
ubuntu ~ $ mkpasswd -m SHA-512
Password:
$6$8.ku/bT..k/Y$ZwUX.tMGAfpog/GxdRz5NHXNe73TXayNz5bmGTiQWFB04WtlOZIK0ecsBPOFf9vEWte4pe5iemqJk4geOsX/M.

But if you have access to the shadow file, you would have root access and would be able to change the password with passwd anyway. But his goes to show that you can crack a SHA512 password hash on Linux in no time with a GPU.

No comments have been made. Use this form to start the conversation :)

Leave a Reply