Postgres password hash crack



  • I installed the latest version of PostgreSQL (13.2) to understand it better, and I used the command SELECT usename, passwd from pg_shadow; to extract the hash for the default username postgres, but I could not find any documentation on how to crack the password hash using john or hashcat. How can I do that? The hash example, which is 1234:

    SCRAM-SHA-256$4096:bPlu66YYvUgvDwY31jQZTA==$ZbSxNzZQqdtLi+fcj15pg7ywEg5mO3xNOVfZJ+/2n0Q=:9ll3Le0+81qTnFwonM4ROCzeTjCRizYdm3ZO5yu/wcE=
    


  • You need to use a crack method that is designed for SCRAM-SHA-256. If jtr or hashcat do not have this (and it looks like they don't at this point in time), then you cannot use those tools.

    Hashcat is working on this for -m 24200. You might be able to find a dev version that includes this.
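
The stored value in the question follows the layout `SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>`, with the keys derived as in RFC 5802. The Python below is an added example, not code from either post or from PostgreSQL: it parses that layout and checks one password against a verifier, which shows why every check costs a full PBKDF2 run at the stored iteration count. The function names are hypothetical, and SASLprep normalization is skipped, so it assumes an ASCII password.

```python
import base64
import hashlib
import hmac
from typing import NamedTuple


class ScramVerifier(NamedTuple):
    iterations: int
    salt: bytes
    stored_key: bytes
    server_key: bytes


def parse_verifier(text: str) -> ScramVerifier:
    """Split SCRAM-SHA-256$<iter>:<salt>$<StoredKey>:<ServerKey> into fields."""
    scheme, params, keys = text.strip().split("$")
    if scheme != "SCRAM-SHA-256":
        raise ValueError("not a SCRAM-SHA-256 verifier")
    iterations, salt = params.split(":")
    stored_key, server_key = keys.split(":")
    return ScramVerifier(int(iterations), base64.b64decode(salt),
                         base64.b64decode(stored_key),
                         base64.b64decode(server_key))


def derive_keys(password: str, salt: bytes, iterations: int):
    """RFC 5802 derivation (assumption: ASCII password, no SASLprep)."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return stored_key, server_key


def build_verifier(password: str, salt: bytes, iterations: int = 4096) -> str:
    """Produce a verifier string in the same layout as pg_shadow.passwd."""
    stored_key, server_key = derive_keys(password, salt, iterations)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return (f"SCRAM-SHA-256${iterations}:{b64(salt)}"
            f"${b64(stored_key)}:{b64(server_key)}")


def password_matches(verifier_text: str, password: str) -> bool:
    """Recompute both keys with the stored salt and iteration count."""
    v = parse_verifier(verifier_text)
    stored_key, server_key = derive_keys(password, v.salt, v.iterations)
    return (hmac.compare_digest(stored_key, v.stored_key)
            and hmac.compare_digest(server_key, v.server_key))
```

The salt is random per role and the iteration count is stored alongside it, so two roles with the same password get different verifiers, and the per-check cost scales with the iteration count.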

