Cracking OpenCart hashes with JtR

Dhiru Kholia edited this page Oct 26, 2015 · 2 revisions
mysql> select * from oc_user;
+---------+---------------+----------+------------------------------------------+-----------+...
| user_id | user_group_id | username | password                                 | salt      |...
+---------+---------------+----------+------------------------------------------+-----------+...
|       1 |             1 | admin    | c15552d8ef39cc5ac827e3d6548621e24c161334 | eb3dfe5d9 |...
+---------+---------------+----------+------------------------------------------+-----------+...
1 row in set (0.00 sec)
$ cat wordlist
password123
openwall
$ cat OpenCart-sample-hash 
c15552d8ef39cc5ac827e3d6548621e24c161334$eb3dfe5d9
$ ../run/john -form=dynamic='sha1($s.sha1($s.sha1($p)))' OpenCart-sample-hash -w=wordlist
Loaded 1 password hash (dynamic=sha1($s.sha1($s.sha1($p))) [128/128 SSE4.1 4x2])
Press 'q' or Ctrl-C to abort, almost any other key for status
openwall         (?)
...
Session completed
$ ../run/john -form=dynamic='sha1($s.sha1($s.sha1($p)))' --test  # Intel N2840 CPU
Benchmarking: dynamic=sha1($s.sha1($s.sha1($p))) [128/128 SSE4.1 4x1]... DONE
Many salts:	903840 c/s real, 922285 c/s virtual
Only one salt:	823200 c/s real, 857500 c/s virtual

Jim's dynamic compiler is awesome! :+1:

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.