Hi. I’m currently taking an Information Security course and as a main task we had to do a SQL injection attack to a given database. As a result, we obtain the following: User names, password hashes, salts.
As an extra problem, we are tasked to break (at least some) password hashes of the users. We are given the way the has is calculated:
`password_hash = truncate_to_32_character(convert_to_hex(sha256(constant_prefix + password + salt))`
Where `constant_prefix` is given.
I tried all the other .txt files directly under the /Passwords and /Passwords/Common-Credentials to no avail: I only got the same two password hashes that I got before.
I asked a TA and he suggested using the information from the database (user names, etc.) and most common English words to produce my own dictionary. Assuming that I have two files, the DB data and most common words in English language, how to I produce a mutation of the two in a smart way? By “smart way” I mean that I take word 1 from file A, word 2 from file B and maybe add some noise or change lower character to upper character etc.