Hash Prefixes
Identify commonly used hashes by prefix
Shadow Hashes
Consider the following line from a modern Linux system’s shadow password file
The fields are separated by colons: the username, hash algorithm, salt, and hash value and the second field has the format $prefix$options$salt$hash.
In the example above, we have four parts separated by $:
yindicates the hash algorithm used, yescryptj9Tis a parameter passed to the algorithm76UzfgEM5PnymhQ7TlJey1is the salt used/OOSg64dhfF.TigVPdzqiFang6uZA4QA1pzzegKdVm4is the hash value
Popular Hashes
| Prefix | Algorithm |
|---|---|
| $1$ | md5crypt, used in Cisco stuff and older Linux/Unix systems |
| $2$, $2a$, $2b$, $2x$, $2y$ | Bcrypt (Popular for web applications) |
| $6$ | sha512crypt (Default for most Linux/Unix systems) |
| $y$ | yescrypt is a scalable hashing scheme and is the default and recommended choice in new systems |
| $gy$ | gost-yescrypt uses the GOST R 34.11-2012 hash function and the yescrypt hashing method |
| $7$ | scrypt is a password-based key derivation function |
| $md5 | SunMD5 is a hash based on the MD5 algorithm originally developed for Solaris |
Find many, many more at https://hashcat.net/wiki/doku.php?id=example_hashes
Hash Identifier
A hash identifier is a tool designed to recognize the type of hash from a list of known hash functions
CEWL
CEWL stands for Custom Word List Generator, a Ruby program designed to create custom word lists by crawling a specified URL and extracting words from the HTML content. Cewl is a powerful tool to generate a wordlist specific to a given company or target.