Determining Hash Password Types
The HashTag.py tool, which will be used to determine the type of password hashes obtained in penetration tests, is a tool written in Python that separates and identifies different password hash values according to their type. It supports hash value of 250 and above. In addition to reading hash values directly, HashTag can also read hash values from the file.
You can visit here to view the tool source codes. If you want to use the tool online, you can access it from this address.
Use of :
Its usage is as follows.
usage: HashTag.py {-sh hash |-f file |-d directory} [-o output_filename] [-hc] [-n]
You can use the help menu to see in detail how the program is used and what parameters it receives.
-h, --help
show this help message and exit
-sh SINGLEHASH, --singleHash SINGLEHASH
Identify a single hash
-f FILE, --file FILE
Parse a single file for hashes and identify them
-d DIRECTORY, --directory DIRECTORY
Parse, identify, and categorize hashes within a directory and all subdirectories
-o OUTPUT, --output OUTPUT
Filename to output full list of all identified hashes
--file default filename: HashTag/HashTag_Output_File.txt
--directory default filename: HashTag/HashTag_Hash_File.txt
-hc, --hashcatOutput
--file: Output a file per different hash type found, if corresponding hashcat mode exists
--directory: Appends hashcat mode to end of separate files
-n, --notFound
--file: Include unidentifiable hashes in the output file. Good for tool debugging (Is it Identifying properly?)
Determining Single Hash (-sh) Value:
The -sh parameter will be used to determine the Single Hash value.
Example 1: HashTag.py -sh 7026360f1826f8bc
➜ Desktop ./HashTag.py -sh 7026360f1826f8bc
Hash: 7026360f1826f8bc
[*] MySQL, MySQL323
[*] Oracle 7-10g, DES(Oracle) - Hashcat Mode 3100
[*] CRC-64
[*] SAPB
[*] substr(md5($pass),0,16)
[*] substr(md5($pass),16,16)
[*] substr(md5($pass),8,16)
Example 2: HashTag.py -sh 3b1015ccf38fc2a32c18674c166fa447
➜ Desktop ./HashTag.py -sh 3b1015ccf38fc2a32c18674c166fa447
Hash: 3b1015ccf38fc2a32c18674c166fa447
[*] MD5 - Hashcat Mode 0
[*] NTLM - Hashcat Mode 1000
[*] MD4 - Hashcat Mode 900
[*] LM - Hashcat Mode 3000
[*] RAdmin v2.x
[*] Haval-128
[*]MD2
[*] RipeMD-128
[*] Tiger-128
[*] Snefru-128
[*] MD5(HMAC)
[*] MD4(HMAC)
[*] Haval-128(HMAC)
[*] RipeMD-128(HMAC)
[*] Tiger-128(HMAC)
[*] Snefru-128(HMAC)
[*] MD2(HMAC)
[*] MD5(ZipMonster)
[*] MD5(HMAC(Wordpress))
[*] Skein-256(128)
[*] Skein-512(128)
[*] md5($pass.$salt) - Hashcat Mode 10
[*] md5($pass.$salt.$pass)
[*] md5($pass.md5($pass))
[*] md5($salt.$pass) - Hashcat Mode 20
[*] md5($salt.$pass.$salt) - Hashcat Mode 3810
[*] md5($salt.$pass.$username)
[*] md5($salt.'-'.md5($pass))
[*] md5($salt.md5($pass)) - Hashcat Mode 3710
[*] md5($salt.md5($pass).$salt)
[*] md5($salt.MD5($pass).$username)
[*] md5($salt.md5($pass.$salt)) - Hashcat Mode 4110
[*] md5($salt.md5($salt.$pass)) - Hashcat Mode 4010
…
Determining the Hash Value by Reading from the File (-f):
The -f parameter will be used to read and parse the hash value from the file.
➜ Desktop ./HashTag.py -f hash.txt -hc
File Mimetype: text/plain
Hashes Found: 1
File successfully written: HashTag/HashTag_Output_File.txt
Here, the hash value written in the file is read with the -f parameter. Then, the result of the hash value is written to the HashTag/HashTag_Output_File.txt file. When the content of that file is displayed, hash information will be accessed.
➜ Desktop cat HashTag/HashTag_Output_File.txt
Hash: 7026360f1826f8bc
Char Length: 16
Hashcat Modes: ['3100']
Hash Types: ['MySQL, MySQL323', 'Oracle 7-10g, DES(Oracle)', 'CRC-64', 'SAPB', 'substr(md5($pass),0,16)', 'substr( md5($pass),16,16)', 'substr(md5($pass),8,16)']
Reference:
http://www.smeegesec.com/2013/11/hashtag-password-hash-identification.html
