Waraxe IT Security Portal
Login or Register
November 16, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 74
Members: 0
Total: 74
Full disclosure
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
4 vulnerabilities in ibmsecurity
32 vulnerabilities in IBM Security Verify Access
xlibre Xnest security advisory & bugfix releases
APPLE-SA-10-29-2024-1 Safari 18.1
SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
APPLE-SA-10-28-2024-8 visionOS 2.1
APPLE-SA-10-28-2024-7 tvOS 18.1
APPLE-SA-10-28-2024-6 watchOS 11.1
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Newbies corner -> Decode passwords
Post new topicReply to topic View previous topic :: View next topic
Decode passwords
PostPosted: Thu May 18, 2006 4:01 pm Reply with quote
Yanni
Regular user
Regular user
Joined: May 18, 2006
Posts: 5
Location: UK




Hi everyone,

Absolutely new to this. Managed to get a copy of the database of a site which runs on phpBB 2.0.x

These guys were users on my forum and then started a new forum behind my back with just an "er" appended to the name, they then proceeded to email all my users (having coerssed one of the site admins to give them a copy of my database) and told them my site was closed and their site was the new home... as you can see I am not particulaly pleased and want to regain control.

I have a copy of their database - is it possible to find out what their passwords are because they are encrypted in the SQL dump that I have?

All help much appreciated.
View user's profile Send private message
PostPosted: Mon May 22, 2006 3:35 pm Reply with quote
Yanni
Regular user
Regular user
Joined: May 18, 2006
Posts: 5
Location: UK




Ok, so it would seem my initial question was one of those "stupid questions".... if anyone would pm me I could tell them about my site and the offending site - perhaps one of you guys would then do some deeper investigations for me.
View user's profile Send private message
PostPosted: Tue May 23, 2006 12:09 am Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




So you have in your possession database dump. Well, then you can try to crack md5 hashes or try to use them directly. It all depends on many factors - like phpbb version, session handling specifics and so on.
My suggestion is to post here some md5 hashes and then let' see, are they crackabe or not Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Tue May 23, 2006 11:26 am Reply with quote
Yanni
Regular user
Regular user
Joined: May 18, 2006
Posts: 5
Location: UK




Is this what you need -

1 00601c543883cae9fc9505bdc5418f83
1 00b18fed45cb846b2727bd4c40cc403b
1 00bfc8c729f5d4d529a412b12c58ddd2
1 00eda5525b6289b0ded9eb0bf318efef
1 0115ce57cd52ca66533eed97266db625
1 014714410ca2876672fdcf0c74527d60
1 014d23df80b533364d87dd72fe0f27ab
1 016b97dae13708187674d5d25cd8b1a8
1 01b3f378798d72bf73c8050d76707e0a
1 01cdc81c1e961f04b2feed3ff48ae242
1 01d0f19826c34796c0ea680079be789a
1 01d2795e19a0d04aa7277ea32a326f97
1 01ebb54ac1d0ad580d7adf2d04d17b3f
1 022b59c0938b4e8f6eaa3884c7daa536
1 023afa8ceb2925eba366bf91b118b4d0
1 02532bdc1420c1aab2c5c7699cdb4cb5
1 029f30558fe8440e6dd6bcc3cecb6aa0
2 02c75fb22c75b23dc963c7eb91a062cc
1 02d3c5b50a3d1c3183ee959198e36c26
1 0307102bd8187f40deb8d340a84761fd
1 036cc2ddcd70ce83473bf323b50a1be9
1 03bb9c34ee1d175f850bd0d72e194cb3
1 0446392b1d7ef4761f6e4deece46eacc
1 046f8ef9508c8f9a52810cd36a7397dc


Think it was from pbpBB2 version 2.0.19 i think...
View user's profile Send private message
PostPosted: Tue May 23, 2006 12:32 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Using http://www.csthis.com/md5/index.php

00bfc8c729f5d4d529a412b12c58ddd2 --> pokemon
0115ce57cd52ca66533eed97266db625 --> rosanna
01b3f378798d72bf73c8050d76707e0a --> dolphins
01cdc81c1e961f04b2feed3ff48ae242 --> edinburgh

And so on ...
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Wed May 24, 2006 12:28 pm Reply with quote
Yanni
Regular user
Regular user
Joined: May 18, 2006
Posts: 5
Location: UK




OK thanks - yes that works for some of the passwords, I take it that where it doesnt work is when a user has used a more secure password string - i.e. not a standard word... am i correct?

Unfortunately it doesnt work for the guys whos passwords I wanted - like the admin of the site - what can and should i try next to get access to their site or the admin passwords they have now?
View user's profile Send private message
PostPosted: Wed May 24, 2006 2:30 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Yanni wrote:
OK thanks - yes that works for some of the passwords, I take it that where it doesnt work is when a user has used a more secure password string - i.e. not a standard word... am i correct?

Unfortunately it doesnt work for the guys whos passwords I wanted - like the admin of the site - what can and should i try next to get access to their site or the admin passwords they have now?


You can post here those uncrackable password hashes (for admins etc)
and then let's see - maybe someone can still crack them Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Wed May 31, 2006 12:10 pm Reply with quote
Yanni
Regular user
Regular user
Joined: May 18, 2006
Posts: 5
Location: UK




Hi, yes that would be excellent if anyone could help out - here below are some of the ones I am unable to crack. Waraxe, I will PM you the name of the site that they refer to...

USERNAME
Blackadder aab04fe52d7da57c67ecda82d319f03e
out4zero 8c14677e026e95a239e179e91c3ff3c7
BODiE b5e2e5c3b20320d62c154f328359e97a
myke edc73a1d211fbd30b9b22bc1dba8817f
1k memory 27a5148ea0fbddae22d902bea9a19531
p14wry 3198909bf44d329d85a6af7c6dcdbcfd
seAr e94929037e3d439f22e4c20172fca705
ljs 42f2951553ee2439025e8843f3bb6c13
FMC c9061adb3e5da9a0216ff2ae20ef4ea5
Jenga 4cd253075cf1475149d1d3724cb9b00f
Smeg 0f65ffde588c21cf64a07d93e1606c1b
tubbylad bd4bc1d09f398f1612688061d4382709

These are the usernames of the MODS and ADMINS on the site.
View user's profile Send private message
PostPosted: Wed May 31, 2006 9:44 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Yanni wrote:
Hi, yes that would be excellent if anyone could help out - here below are some of the ones I am unable to crack. Waraxe, I will PM you the name of the site that they refer to...

USERNAME
Blackadder aab04fe52d7da57c67ecda82d319f03e
out4zero 8c14677e026e95a239e179e91c3ff3c7
BODiE b5e2e5c3b20320d62c154f328359e97a
myke edc73a1d211fbd30b9b22bc1dba8817f
1k memory 27a5148ea0fbddae22d902bea9a19531
p14wry 3198909bf44d329d85a6af7c6dcdbcfd
seAr e94929037e3d439f22e4c20172fca705
ljs 42f2951553ee2439025e8843f3bb6c13
FMC c9061adb3e5da9a0216ff2ae20ef4ea5
Jenga 4cd253075cf1475149d1d3724cb9b00f
Smeg 0f65ffde588c21cf64a07d93e1606c1b
tubbylad bd4bc1d09f398f1612688061d4382709

These are the usernames of the MODS and ADMINS on the site.


I was using Cain, some huge wordlists, some bruteforce cracking,
and as result - half of the hashes were cracked:

Code:

Plaintext of 27a5148ea0fbddae22d902bea9a19531 is jupiter
Plaintext of 4cd253075cf1475149d1d3724cb9b00f is elaine1
Plaintext of b5e2e5c3b20320d62c154f328359e97a is firetrap1
Plaintext of c9061adb3e5da9a0216ff2ae20ef4ea5 is funboy3
Plaintext of 0f65ffde588c21cf64a07d93e1606c1b is udauff
Plaintext of 8c14677e026e95a239e179e91c3ff3c7 is telephone40


See ya Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Sun Jun 04, 2006 3:32 pm Reply with quote
berlo1
Beginner
Beginner
Joined: Jun 04, 2006
Posts: 1




Sorry to butt in, but I've got a MD5 that I've not been able to crack.
It may not even be in english.
Can you please help me with it?

Here it is:
Code:
0f49893a357031b4bbd689c8f10f160f
View user's profile Send private message
Decode passwords
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.068 Seconds