Hi forum,
I have managed to extract a password hash with sqlmap and would like to crack it with either john or hashcat. This is the hash which I have put into a file named hash:
md52d58e0637ec1e94cdfba3d1c26b67d01
john gives me this:
john --wordlist=/usr/share/wordlists/rockyou.txt hash
Using default input encoding: UTF-8
No password hashes loaded (see FAQ)
And hashcat gives me this:
hashcat -m 1800 --force hash /usr/share/wordlists/rockyou.txt
Hash ‘hash’: Separator unmatched
No hashes loaded.
Is there something wrong with the hash I extracted?
This is the output from sqlmap:
[10:09:16] [INFO] resumed: 'true'
[10:09:16] [INFO] resumed: 'postgres'
[10:09:16] [INFO] resumed: 'md52d58e0637ec1e94cdfba3d1c26b67d01'
[10:09:16] [INFO] resumed: 'true'
[10:09:16] [INFO] resumed: 'true'
[10:09:16] [INFO] resumed: ' '
[10:09:16] [INFO] recognized possible password hashes in column 'rolpassword'
do you want to store hashes to a temporary file for eventual further processing with other tools [y/N]
Really stuck with this now. Removing “md5” from the start of the and running it through john gives this:
Warning: detected hash type “LM”, but the string is also recognized as “dynamic=md5($p)”
Use the “–format=dynamic=md5($p)” option to force loading these as that type instead
Warning: detected hash type “LM”, but the string is also recognized as “HAVAL-128-4”
Use the “–format=HAVAL-128-4” option to force loading these as that type instead
Warning: detected hash type “LM”, but the string is also recognized as “MD2”
Use the “–format=MD2” option to force loading these as that type instead
Warning: detected hash type “LM”, but the string is also recognized as “mdc2”
Use the “–format=mdc2” option to force loading these as that type instead
Warning: detected hash type “LM”, but the string is also recognized as “mscash”
Use the “–format=mscash” option to force loading these as that type instead
Warning: detected hash type “LM”, but the string is also recognized as “mscash2”
Use the “–format=mscash2” option to force loading these as that type instead
Warning: detected hash type “LM”, but the string is also recognized as “NT”
Use the “–format=NT” option to force loading these as that type instead
Warning: detected hash type “LM”, but the string is also recognized as “Raw-MD4”
Use the “–format=Raw-MD4” option to force loading these as that type instead
Warning: detected hash type “LM”, but the string is also recognized as “Raw-MD5”
Use the “–format=Raw-MD5” option to force loading these as that type instead
Warning: detected hash type “LM”, but the string is also recognized as “Raw-MD5u”
Use the “–format=Raw-MD5u” option to force loading these as that type instead
Warning: detected hash type “LM”, but the string is also recognized as “Raw-SHA1-AxCrypt”
Use the “–format=Raw-SHA1-AxCrypt” option to force loading these as that type instead
Warning: detected hash type “LM”, but the string is also recognized as “ripemd-128”
Use the “–format=ripemd-128” option to force loading these as that type instead
Warning: detected hash type “LM”, but the string is also recognized as “Snefru-128”
Use the “–format=Snefru-128” option to force loading these as that type instead
Warning: detected hash type “LM”, but the string is also recognized as “ZipMonster”
Use the “–format=ZipMonster” option to force loading these as that type instead
First off, the hash you want to analyze is 2d58e0637ec1e94cdfba3d1c26b67d01
The MD5 bit is telling you what to use.
You can check this by using hashid or similar tools to validate that you have the right thing.
Next, with john, try: john --wordlist=WORDLIST --format=Raw-MD5 hash and see if that is any different.
But importantly, it might not be crackable.
Additionally to what @TazWake wrote:
For Hashcat you should try hashcat -m 0 hash /usr/share/wordlists/rockyou.txt
-m 1800 would mean sha512crypt which is used in modern Linux’s shadow files, and loos completely different 
For MD5, you can also omit the -m 0 part, since it’s the default algorithm.
try to delete everything but the hash even the " , it worked for me.