I am trying to solve one of those web based security challenges and for this I accessed the .htpasswd file. In that I found a password hash similar to
myName:{SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE=
Trying to perform a dictionary attack on this resulted in John (programm to crack passwords) not supported the provided hash. I believe the issue is that the used format is unkown to john. The format is described here:
It states for sha1 authentication the hash would be:
"{SHA}" + Base64-encoded SHA-1 digest of the password. Insecure.
So my question is, how do I convert that to a more known format. I thought base64 decoding the hash and chaning the prefix to sha1 would solve it, but base64 decoding it returns me nonsense that does not look anything like a hash. Anybody any ideas?
