|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
What kind of hash? |
|
Posted: Thu Oct 23, 2008 7:31 pm |
|
|
aritmos |
Advanced user |
|
|
Joined: Jul 21, 2008 |
Posts: 82 |
Location: Inside a salted MD5 |
|
|
|
|
|
|
it is from vbulleti but y donñt find the format to insidepro.
$H$9tzhGvI3rsFJ1h6GgkKo3mC8//lBLq1
$H$9iIFV2KfEUDiY7Omn/h2bAF6esTOpq1
$H$915JSCuZ606LJlB7PbkhcUd/yRAil41
$H$9TaN/n8GEyzTrgmW8btk6k6owN0Noc/ |
|
|
|
|
Posted: Thu Oct 23, 2008 7:35 pm |
|
|
jhax |
Regular user |
|
|
Joined: Oct 23, 2008 |
Posts: 6 |
|
|
|
|
|
|
|
It should be md5(md5(pass)+salt) - maybe they changed it thou, download a copy and check the source. Thats the best way |
|
|
|
|
Posted: Thu Oct 23, 2008 7:53 pm |
|
|
aritmos |
Advanced user |
|
|
Joined: Jul 21, 2008 |
Posts: 82 |
Location: Inside a salted MD5 |
|
|
|
|
|
|
jhax wrote: | It should be md5(md5(pass)+salt) - maybe they changed it thou, download a copy and check the source. Thats the best way |
I don´t think so. ANy other posibility? |
|
|
|
|
Posted: Thu Oct 23, 2008 7:58 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Try MD5(phpbb3), seems to be similar ... |
|
|
|
|
Posted: Thu Oct 23, 2008 8:15 pm |
|
|
aritmos |
Advanced user |
|
|
Joined: Jul 21, 2008 |
Posts: 82 |
Location: Inside a salted MD5 |
|
|
|
|
|
|
$H$9iIFV2KfEUDiY7Omn/h2bAF6esTOpq1 is this pass 13911961 because is my pass but i don´t get to decypt with phpbb3 or any other, what is the salt of this hashes? |
|
|
|
|
|
|
|
|
Posted: Thu Oct 23, 2008 8:35 pm |
|
|
jhax |
Regular user |
|
|
Joined: Oct 23, 2008 |
Posts: 6 |
|
|
|
|
|
|
|
Code: |
$db->query_write("
INSERT INTO " . TABLE_PREFIX . "user
(username, salt, password, email, usertitle, joindate, lastvisit, lastactivity, usergroupid, passworddate, options, showvbcode)
VALUES (
'" . $db->escape_string(htmlspecialchars_uni($vbulletin->GPC['username'])) . "',
'" . $db->escape_string($salt) . "',
'" . $db->escape_string(md5(md5($vbulletin->GPC['password']) . $salt)) . "',
'" . $db->escape_string($vbulletin->GPC['email']) . "',
'" . $db->escape_string($install_phrases['usergroup_admin_usertitle']) . "',
" . TIMENOW . ",
" . TIMENOW . ",
" . TIMENOW . ",
6,
FROM_UNIXTIME(" . TIMENOW . "),
2135,
2
)
");
|
As I said, its md5(md5(pass)+salt). The salt is NOT global, so every user has his own salt, which is 3 characters long and random. |
|
|
|
|
|
|
|
|
Posted: Thu Oct 23, 2008 8:43 pm |
|
|
aritmos |
Advanced user |
|
|
Joined: Jul 21, 2008 |
Posts: 82 |
Location: Inside a salted MD5 |
|
|
|
|
|
|
jhax wrote: | Code: |
$db->query_write("
INSERT INTO " . TABLE_PREFIX . "user
(username, salt, password, email, usertitle, joindate, lastvisit, lastactivity, usergroupid, passworddate, options, showvbcode)
VALUES (
'" . $db->escape_string(htmlspecialchars_uni($vbulletin->GPC['username'])) . "',
'" . $db->escape_string($salt) . "',
'" . $db->escape_string(md5(md5($vbulletin->GPC['password']) . $salt)) . "',
'" . $db->escape_string($vbulletin->GPC['email']) . "',
'" . $db->escape_string($install_phrases['usergroup_admin_usertitle']) . "',
" . TIMENOW . ",
" . TIMENOW . ",
" . TIMENOW . ",
6,
FROM_UNIXTIME(" . TIMENOW . "),
2135,
2
)
");
|
As I said, its md5(md5(pass)+salt). The salt is NOT global, so every user has his own salt, which is 3 characters long and random. |
Check this $H$9iIFV2KfEUDiY7Omn/h2bAF6esTOpq1 is this pass 13911961 with your solution and you don´t see any result. There is something incorret. |
|
|
|
|
|
|
|
|
Posted: Thu Oct 23, 2008 9:07 pm |
|
|
jhax |
Regular user |
|
|
Joined: Oct 23, 2008 |
Posts: 6 |
|
|
|
|
|
|
|
Erm, before you start bruteforcing you should check a few simple things, like the length of the hashes.
"echo <your hash> | wc -m" gives 31, which means its obviously not a pure md5 hash, as the $H$ would have given away as well.
As waraxe said, its something like a phpbb3 password. You can find out how their passwords are being generated in /includes/usersyystems/phpbb3.php.
Good luck |
|
|
|
|
|
|
|
|
Posted: Thu Oct 23, 2008 9:11 pm |
|
|
aritmos |
Advanced user |
|
|
Joined: Jul 21, 2008 |
Posts: 82 |
Location: Inside a salted MD5 |
|
|
|
|
|
|
jhax wrote: | Erm, before you start bruteforcing you should check a few simple things, like the length of the hashes.
"echo <your hash> | wc -m" gives 31, which means its obviously not a pure md5 hash, as the $H$ would have given away as well.
As waraxe said, its something like a phpbb3 password. You can find out how their passwords are being generated in /includes/usersyystems/phpbb3.php.
Good luck |
I´m checking this 13911961 password ebcause is my password of this hash $H$9iIFV2KfEUDiY7Omn/h2bAF6esTOpq1 , the system was phpb3 but was convert to smf. |
|
|
|
|
www.waraxe.us Forum Index -> All other hashes
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|