Leaks 270M Wattpad.com Parsed & Cleaned Database Dump Leaked!

kpzthenight · Dec 13, 2022

mightydawn said:
The SHA-1 hash of:
1151 is:

You can attempt to reverse the SHA-1 hash which was just generated, to reverse it

I'm sorry, i made a typo and i couldn't post more messages. Hashes.com said it was hash type 1451 (not 1151) and the plaintext of the hash I sent was 010203.
Hashes.com hash identification in expert mode says that possible algorithms could be:
sha256($plaintext.$salt)
sha256($salt.$plaintext)
HMAC-SHA256 (key = $plaintext)
HMAC-SHA256 (key = $salt), sha256(sha256($plaintext).$salt)
sha256($salt.$plaintext.$salt)
HMACSHA256($plaintext)

Some of the algorithms above do not appear on hashcat wiki, and I think I have tested all the ones that appear there, but I will test again just in case.

mightydawn · Dec 13, 2022

kpzthenight said:
I'm sorry, i made a typo and i couldn't post more messages. Hashes.com said it was hash type 1451 (not 1151) and the plaintext of the hash I sent was 010203.
Hashes.com hash identification in expert mode says that possible algorithms could be:
sha256($plaintext.$salt)
sha256($salt.$plaintext)
HMAC-SHA256 (key = $plaintext)
HMAC-SHA256 (key = $salt), sha256(sha256($plaintext).$salt)
sha256($salt.$plaintext.$salt)
HMACSHA256($plaintext)

Some of the algorithms above do not appear on hashcat wiki, and I think I have tested all the ones that appear there, but I will test again just in case.

ok, test it and update in topic.

kpzthenight · Dec 13, 2022

Of all the hash, the part that seems more intriguing is "d2e1a4c569e7018cc142e9cce755a964bd9b193d2d31f02d80bb589c959afd7e".
It appears on all the wattpad hashes that i have checked of the Wattpad database in hashes.com, so I suspect it is a fixed salt. (That could mean the hash is sha256($salt.$plaintext.$salt), as stated in the post above).
I have tried sha2-256 along with all of its variants in hashcat.

mightydawn · Dec 13, 2022

kpzthenight said:
Of all the hash, the part that seems more intriguing is "d2e1a4c569e7018cc142e9cce755a964bd9b193d2d31f02d80bb589c959afd7e".
It appears on all the wattpad hashes that i have checked of the Wattpad database in hashes.com, so I suspect it is a fixed salt. (That could mean the hash is sha256($salt.$plaintext.$salt), as stated in the post above).
I have tried sha2-256 along with all of its variants in hashcat.

still not appeared?

mightydawn · Dec 13, 2022

kpzthenight said:
Of all the hash, the part that seems more intriguing is "d2e1a4c569e7018cc142e9cce755a964bd9b193d2d31f02d80bb589c959afd7e".
It appears on all the wattpad hashes that i have checked of the Wattpad database in hashes.com, so I suspect it is a fixed salt. (That could mean the hash is sha256($salt.$plaintext.$salt), as stated in the post above).
I have tried sha2-256 along with all of its variants in hashcat.

bcrypt hashes?

kpzthenight · Dec 13, 2022

I haven't found anything yet.
I don't mean the bcrypt hashes, i mean the other ones.

stevejh19 · Dec 14, 2022

Thanks bro g

kpzthenight · Dec 14, 2022

Hey, I have an Update. I asked in Hashes.com discord server and wattpad algorithm is [HMAC_sha256(sha1(id):password, secret)].
So in hashcat it would be mode 1460 with the hash being [hash:d2e1a4c569e7018cc142e9cce755a964bd9b193d2d31f02d80bb589c959afd7e] (its the same in all hashes)
and the password candidate would be sha1(id)+password. In this case by "+" I mean that sha1(id) is put before the mask in a bruteforce attack or before the wordlist in a dictionary attack

kpzthenight · Dec 14, 2022

Happy cracking!! :)

rain123 · Dec 15, 2022

Thanks for sharing - really useful

Grind · Dec 15, 2022

cleaned version is insane mate

kpzthenight · Dec 15, 2022

Hello, the download link doesn't work anymore. By the way, great work, I've tried cleaning the file by myself (I downloaded the full version in other forum some months ago) and it's been a pain in the butt, so thanks for cleaning it and sharing.

mightydawn · Dec 15, 2022

kpzthenight said:
Hey, I have an Update. I asked in Hashes.com discord server and wattpad algorithm is [HMAC_sha256(sha1(id):password, secret)].
So in hashcat it would be mode 1460 with the hash being [hash:d2e1a4c569e7018cc142e9cce755a964bd9b193d2d31f02d80bb589c959afd7e] (its the same in all hashes)
and the password candidate would be sha1(id)+password. In this case by "+" I mean that sha1(id) is put before the mask in a bruteforce attack or before the wordlist in a dictionary attack

i see never cracked wattpad hash before.

mightydawn · Dec 15, 2022

kpzthenight said:
Hello, the download link doesn't work anymore. By the way, great work, I've tried cleaning the file by myself (I downloaded the full version in other forum some months ago) and it's been a pain in the butt, so thanks for cleaning it and sharing.

yes its dead topic for now, cleaning full is true pain, but sorry i dont have file

kpzthenight · Dec 15, 2022

mightydawn said:
yes its dead topic for now, cleaning full is true pain, but sorry i dont have file

no worries, thanks anyways. :)

kpzthenight · Dec 15, 2022

I will try to clean the copy I have by myself, I will post it when I have it.

mightydawn · Dec 15, 2022

kpzthenight said:
no worries, thanks anyways. :)

@baz00kais really unresponsive these days, idont know why. Maybe he have it.

mightydawn · Dec 15, 2022

kpzthenight said:
I will try to clean the copy I have by myself, I will post it when I have it.

then you will fell pain in the butt uncompressed 94 GB, my computer cant even open this db

kpzthenight · Dec 15, 2022

mightydawn said:
then you will fell pain in the butt uncompressed 94 GB, my computer cant even open this db

I used git bash to divide the file in equal parts (10 gb each or so) and i am editing it with emeditor (my must for huge files).

mightydawn · Dec 16, 2022

kpzthenight said:
I used git bash to divide the file in equal parts (10 gb each or so) and i am editing it with emeditor (my must for huge files).

good to hear that