Waraxe IT Security Portal
Login or Register
November 5, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 69
Members: 0
Total: 69
Full disclosure
4 vulnerabilities in ibmsecurity
32 vulnerabilities in IBM Security Verify Access
xlibre Xnest security advisory & bugfix releases
APPLE-SA-10-29-2024-1 Safari 18.1
SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
APPLE-SA-10-28-2024-8 visionOS 2.1
APPLE-SA-10-28-2024-7 tvOS 18.1
APPLE-SA-10-28-2024-6 watchOS 11.1
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1
APPLE-SA-10-28-2024-3 macOS Sequoia 15.1
APPLE-SA-10-28-2024-2 iOS 17.7.1 and iPadOS 17.7.1
APPLE-SA-10-28-2024-1 iOS 18.1 and iPadOS 18.1
Open Redirect / Reflected XSS - booked-schedulerv2.8.5
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Hash related information -> md5 hashes... please explain
Post new topicReply to topic View previous topic :: View next topic
md5 hashes... please explain
PostPosted: Thu Nov 01, 2007 5:18 am Reply with quote
delta_one
Beginner
Beginner
Joined: Nov 01, 2007
Posts: 2




hey, obviously I am a n00b at this, but what are md5 hashes used for that makes people want to crack them? and how do you get hold of them? Confused
View user's profile Send private message
Re: md5 hashes... please explain
PostPosted: Thu Nov 01, 2007 8:08 am Reply with quote
ToXiC
Moderator
Moderator
Joined: Dec 01, 2004
Posts: 181
Location: Cyprus




delta_one wrote:
hey, obviously I am a n00b at this, but what are md5 hashes used for that makes people want to crack them? and how do you get hold of them? Confused


i will try to explain to you is simple words.

Most of the hashes posted in here are hashes that are stored into databases of web applications.

I forgat to mention :

from google:
A hash function h is a transformation that takes a variable-size input m and returns a fixed-size string, which is called the hash value h (that is, h = H(m)). Hash functions with just this property have a variety of general computational uses, but when employed in cryptography the hash functions are usually chosen to have some additional properties.
md5 is a hash function that gets an any h value input and returns a 32 characters hex output

md5 funtion is used to "encypt" the value of the password of the users of a web app. for example :
a user register to a website and his password is stored encypted in the database so that the only one that knows it is the specific user .. NOT even the owner of the site should know it.

Now , regarding your other questions how to get it.
Most of the exploits can execute sql statements and the return value at most of the cases is an md5 hash value.
So you may get from an execution the following info

username : admin
password : 31435008693ce6976f45dedc5532e2c1

the 31435008693ce6976f45dedc5532e2c1 is the md5 of the password of the user.

md5 was made to be one way.
but with various techniques like rainbow tables / dictionary attacks / online datbases / bruteforce attack ... the value is returned to the plain value which at the the above case is

31435008693ce6976f45dedc5532e2c1 resolves to thisismypassword

_________________
who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com
View user's profile Send private message Visit poster's website MSN Messenger
Re: md5 hashes... please explain
PostPosted: Thu Nov 01, 2007 12:44 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




delta_one wrote:
hey, obviously I am a n00b at this, but what are md5 hashes used for that makes people want to crack them? and how do you get hold of them? Confused


If someone hacks in to remote database or read privated files, then usernames and passwords can be considered as worthy data to be stolen. People tend to use same or similar passwords in many places and if you can get someone's password for some forum or blog, then same password can open many other "locks". Now, there were times, when passwords were stored as plain text. As for now, 21. century, most of the passwords are stored as hashes or even salted hashes. In this way, if hacker can steal your password's hash, he/she still does not know real, plain text password. But there comes better part - simple hashes can be 1) bruteforced, 2)cracked by wordlists, 3)cracked by rainbow tables.

Still i must admit, that IF password is very good, THEN hash cracking is not possible, period Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Fri Nov 02, 2007 7:10 am Reply with quote
delta_one
Beginner
Beginner
Joined: Nov 01, 2007
Posts: 2




Thank you very much I understand what they are used for now lol and why people want them. Thanks.
View user's profile Send private message
md5 hashes... please explain
www.waraxe.us Forum Index -> Hash related information
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.045 Seconds