Quick 'n Dirty PoC for cracking OutSystems hashes with hashcat

OutCrack.sh

#!/bin/bash
# Crack hashes generated by OutSystems (PoC)

# batman
hash='$1$ms7rBI3MKLalgjmCFwavo5ROC/Cw5C6QXUxwgbUrAHw=131FFFE778BF3BD89911BBA49184A14DAA625B2FA2FA8D2C086BF35FF62539B046768E1885F43A7120199867B7AFAED9A53FD1A7C165CC12C8AE24370A792754'
#hash='2A37D95E1EF22207DC6B09B55899B461'
# hunter2
#hash='$1$BYi7cMS7AXlNwKz/ozjUu9lhO83DjhNEDz5qPom78lU=2D2DC5245359DCC7F87E1D39E707E7AA1A4476D2346D5441104F29E412BADC64FAF2C6B182AD09B00AB26D5DC794456F7D75288F41E73AB440B2D8A52E3012CA'
#hash='A8629A13DC6381CC9F2166C3A36232E3'

rockyou='https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt'

if [ ! -f rockyou.txt ]
	then
		wget "$rockyou"
fi

function crack()  {
	echo -n "Trying $1..."
	hashcat --hash-type $2 --hex-salt --quiet "$1" rockyou.txt
	echo "done"
	echo
	hashcat --hash-type $2 --hex-salt --show "$1"
}

type=${hash:0:3}
if [ $type == '$1$' ]
	then
		digest=${hash:(-128)}
		let "saltlen=${#hash}-3-${#digest}"
		salt=${hash:3:$saltlen}
		saltutf16hex=`echo -n "$salt" | iconv -f UTF-8 -t UTF-16LE | xxd -ps -u -c 0`
		crack "$digest:$saltutf16hex" 1730 # sha512(utf16le($pass).$salt)
	else
		digest=$hash
		salt='cdjnes3h4w'
		saltutf16hex=`echo -n "$salt" | iconv -f UTF-8 -t UTF-16LE | xxd -ps -u -c 0`
		crack "$digest:$saltutf16hex" 30 # md5(utf16le($pass).$salt)
fi