GCIH · Question #755
What hash type is being cracked in the command below? hashcat -m 1800 -a 0 customer.ntds wordlist.txt --potfile-path ./hashcat.potfile
The correct answer is C. SHA-512. Hashcat mode 1800 targets sha512crypt, the SHA-512-based Unix password hashing scheme, not raw SHA-512.
Question
What hash type is being cracked in the command below? hashcat -m 1800 -a 0 customer.ntds wordlist.txt --potfile-path ./hashcat.potfile
Options
- ASHA-1
- BLANMAN
- CSHA-512
- DNT hashes
How the community answered
(53 responses)- A2% (1)
- B4% (2)
- C94% (50)
Why each option
Hashcat mode 1800 targets sha512crypt, the SHA-512-based Unix password hashing scheme, not raw SHA-512.
SHA-1 is represented by '-m 100' in hashcat; '-m 1800' does not correspond to SHA-1 in any context.
LANMAN hashes use '-m 3000' in hashcat, not '-m 1800', and are a legacy Windows authentication scheme.
The '-m 1800' flag in hashcat corresponds to sha512crypt ($6$), which is the SHA-512-derived password hashing algorithm used by default in modern Linux and Unix systems. The '-a 0' flag specifies a dictionary attack, meaning hashcat hashes each word in wordlist.txt using sha512crypt and compares it against the entries in customer.ntds.
NT hashes (NTLM) use '-m 1000' in hashcat, not '-m 1800', and are the Windows password hash format stored in NTDS.
Concept tested: Hashcat hash mode identification for SHA-512crypt
Source: https://hashcat.net/wiki/doku.php?id=hashcat
Topics
Community Discussion
No community discussion yet for this question.