IT Security and Insecurity Portal

md5 hashes... please explain

Posted: Thu Nov 01, 2007 5:18 am

delta_one
Beginner
Joined: Nov 01, 2007
Posts: 2

hey, obviously I am a n00b at this, but what are md5 hashes used for that makes people want to crack them? and how do you get hold of them?

Re: md5 hashes... please explain

Posted: Thu Nov 01, 2007 8:08 am

ToXiC
Moderator
Joined: Dec 01, 2004
Posts: 181
Location: Cyprus

delta_one wrote:
hey, obviously I am a n00b at this, but what are md5 hashes used for that makes people want to crack them? and how do you get hold of them?

I will try to explain to you in simple words.
Most of the hashes posted in here are hashes that are stored in the databases of web applications.
I forgot to mention:
From Google:
A hash function h is a transformation that takes a variable-size input m and returns a fixed-size string, which is called the hash value h (that is, h = H(m)). Hash functions with just this property have a variety of general computational uses, but when employed in cryptography the hash functions are usually chosen to have some additional properties.
md5 is a hash function that gets any h value input and returns a 32-character hex output.
The md5 function is used to "encrypt" the value of the password of the users of a web app. For example:
A user registers on a website and his password is stored encrypted in the database so that the only one who knows it is the specific user... NOT even the owner of the site should know it.
Now, regarding your other question, how to get it.
Most of the exploits can execute SQL statements, and the return value in most cases is an md5 hash value.
So you may get the following info from an execution:
username : admin
password : 31435008693ce6976f45dedc5532e2c1
The 31435008693ce6976f45dedc5532e2c1 is the md5 of the password of the user.
md5 was made to be one way.
But with various techniques like rainbow tables / dictionary attacks / online databases / bruteforce attack ... the value is returned to the plain value, which in the above case is
31435008693ce6976f45dedc5532e2c1 resolves to thisismypassword

_________________
who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com

Re: md5 hashes... please explain

Posted: Thu Nov 01, 2007 12:44 pm

waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

delta_one wrote:
hey, obviously I am a n00b at this, but what are md5 hashes used for that makes people want to crack them? and how do you get hold of them?

If someone hacks into a remote database or reads private files, then usernames and passwords can be considered worthy data to be stolen. People tend to use the same or similar passwords in many places, and if you can get someone's password for some forum or blog, then the same password can open many other "locks". Now, there were times when passwords were stored as plain text. As for now, in the 21st century, most passwords are stored as hashes or even salted hashes. In this way, if a hacker can steal your password's hash, he/she still does not know the real, plain text password. But here comes the better part - simple hashes can be 1) bruteforced, 2) cracked by wordlists, 3) cracked by rainbow tables.
Still, I must admit that IF the password is very good, THEN hash cracking is not possible, period.
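
Added example, not part of any post in this thread: a Python sketch of why the unsalted MD5 storage described above fails for weak or reused passwords, next to a salted, slow alternative (PBKDF2-HMAC-SHA256). The user names, passwords, wordlist and iteration count are constructed assumptions for illustration.

```python
import hashlib
import hmac
import os

# Assumption: work factor chosen for this example, not taken from the thread.
PBKDF2_ITERATIONS = 600_000

def md5_hex(password):
    """Unsalted MD5: always 32 hex characters, same input gives same output."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def build_lookup(wordlist):
    """Hash each candidate once; the table then works against every unsalted hash."""
    return {md5_hex(word): word for word in wordlist}

def hash_password(password, salt=None):
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256). Returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

def demo():
    # Constructed sample data: two users share a weak password, one has a strong one.
    users = {"alice": "letmein", "bob": "letmein", "carol": "x7#Qp2!vLm9-Tz"}
    wordlist = ["password", "123456", "letmein", "qwerty"]  # constructed
    md5_db = {user: md5_hex(pw) for user, pw in users.items()}
    table = build_lookup(wordlist)
    recovered = {user: table[h] for user, h in md5_db.items() if h in table}
    salted_db = {user: hash_password(pw) for user, pw in users.items()}
    return md5_db, recovered, salted_db

if __name__ == "__main__":
    md5_db, recovered, salted_db = demo()
    print("identical MD5 for alice and bob:", md5_db["alice"] == md5_db["bob"])
    print("found in precomputed table:", sorted(recovered))
    print("salted digests differ:", salted_db["alice"][1] != salted_db["bob"][1])
```

With unsalted MD5 the two users who share a password get the same stored value and one precomputed table covers both; with per-user salts the stored values differ and each guess has to be recomputed per user at the slow work factor.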

Posted: Fri Nov 02, 2007 7:10 am

delta_one
Beginner
Joined: Nov 01, 2007
Posts: 2

Thank you very much, I understand what they are used for now lol and why people want them. Thanks.
All times are GMT