Login or Register :: Home :: Search :: Your Account :: Forums :: Waraxe Advisories :: Tools :: September 8, 2024 Menu Home Logout Discussions Forums Members List IRC chat Tools Base64 coder MD5 hash CRC32 checksum ROT13 coder SHA-1 hash URL-decoder Sql Char Encoder Affiliates y3dips ITsec Md5 Cracker User Manuals AlbumNow Content Content Sections FAQ Top Info Feedback Recommend Us Search Journal Your Account User Info Welcome, Anonymous Nickname Password (Register) Membership: Latest: MichaelSnaRe New Today: 0 New Yesterday: 0 Overall: 9144 People Online: Visitors: 83 Members: 0 Total: 83 Full disclosure [SYSS-2024-030]: C-MOR Video Surveillance - OS Command Injection (CWE-78) [SYSS-2024-029]: C-MOR Video Surveillance - Dependency on Vulnerable Third-Party Component (CWE-1395) [SYSS-2024-028]: C-MOR Video Surveillance - Cleartext Storage of Sensitive Information (CWE-312) [SYSS-2024-027]: C-MOR Video Surveillance - Improper Privilege Management (CWE-269) [SYSS-2024-026]: C-MOR Video Surveillance - Unrestricted Upload of File with Dangerous Type (CWE-434) [SYSS-2024-025]: C-MOR Video Surveillance - Relative Path Traversal (CWE-23) Backdoor.Win32.Symmi.qua / Remote Stack Buffer Overflow (SEH) HackTool.Win32.Freezer.br (WinSpy) / Insecure CredentialStorage Backdoor.Win32.Optix.02.b / Weak Hardcoded Credentials Backdoor.Win32.JustJoke.2 1 (BackDoor Pro) / Unauthenticated Remote Command Execution Backdoor.Win32.PoisonIvy. ymw / Insecure Credential Storage [SYSS-2024-024]: C-MOR Video Surveillance - Improper Access Control (CWE-284) [SYSS-2024-023]: C-MOR Video Surveillance - SQL Injection(CWE-89) [SYSS-2024-022]: C-MOR Video Surveillance - Cross-Site Request Forgery (CWE-352) [SYSS-2024-021]: C-MOR Video Surveillance - Persistent Cross-Site Scripting (CWE-79) IT Security and Insecurity Portal www.waraxe.us Forum Index -> All other hashes -> Salted SHA-1 hashes View previous topic :: View next topic Salted SHA-1 hashes Posted: Fri Nov 07, 2008 7:38 pm ApolloJain Beginner Joined: Nov 07, 2008 Posts: 4 I have no access to a good computer so it is impossible to crack a hash in a reasonable amount of time. Thanks in advance. Also, post what dictionary you used and which program. hash1: 2B74D47199B354D472437CCB57040A21FACB72CF4B5B0AF4 hash2: 003AA2321FE6379EF15DB450CA50D8A3FA735E92631EFD66 Thanks!, Apollo Posted: Sat Nov 08, 2008 8:53 pm waraxe Site admin Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu Salted? Where is salt then? And what algorithm? Al Gore - ithim Posted: Mon Nov 10, 2008 1:51 pm ApolloJain Beginner Joined: Nov 07, 2008 Posts: 4 I believe the algorithm to be SHA-1 They are from Mac OSX 10.4.11 and were extracted using MacKrack Does that help at all? Also, I thought the salt was the first 6 digits but IDK for sure. Re: Al Gore - ithim Posted: Mon Nov 10, 2008 2:23 pm ApolloJain Beginner Joined: Nov 07, 2008 Posts: 4 Excuse my pun I imagine the passwords being between 7 and 10 but they could probably be anywhere from 5 to 12. Posted: Mon Nov 10, 2008 2:45 pm waraxe Site admin Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu I found good article about such hashes: http://www.dribin.org/dave/blog/archives/2006/04/28/os_x_passwords_2/ ... and i'm trying right now some tricks in order to be able to crack them with passwordspro. But there is no guarantee of course. And there was information, that JohnTheRipper is able to crack this hashes - i suggest to look at it. Rainbox Tables Posted: Mon Nov 10, 2008 5:30 pm ApolloJain Beginner Joined: Nov 07, 2008 Posts: 4 Would online SHA-1 rainbow table be put to any use or not in Sha-1 salt algorithm, isn't the format SALTPASSWORD so if your password was qwerty with a salt of 12345 wouldn't it be hashed Sha1 as 12345qwerty and if you took off the salt of the front of the hash you could search it in a rainbow table and if the rainbow table had 12345qwerty could you find it? I ramble. Posted: Mon Nov 10, 2008 5:45 pm waraxe Site admin Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu In case of MacOSX SHA-1 salted hashes you can't use traditional rainbow tables, because salt is 4 bytes of binary data. Chances are, that all four bytes of salt are alpha or alphanumeric or something like that, but in most cases those 4 bytes are containing non-traditional characters. For example, in one of your salts there is binary zero. So in other words you can't find downloadable rainbow tables with such charset (all 256 char variations) and building them yourself is not helping either, because they will be too big and performance too poor. Only real choices are bruteforce and wordlist methods. I tried all my wordlists and some limited bruteforce and got no success. If the password is strong enough, then it's very hard to crack or it can be virtually uncrackable in case of very good password ... Posted: Sat Nov 15, 2008 4:18 am Ricardo-san Regular user Joined: Nov 13, 2008 Posts: 11 Well, well, well...what do we have here? It seems Apollo wants to extract the root pass for our iBooks! Heh heh searching the pass on Google automatically came to this thread, seems like waraxe has a pretty good PageRank. I've been following this thread for a couple days now Apollo...seems you've gotten just as far as me. I've found the exact same hash hidden in var/db/shadow/hash/<guid> Code: 2B74D47199B354D472437CCB57040A21FACB72CF4B5B0AF4 I'm trying to compile John the Ripper thru single-user mode, but apparently the -make command doesn't exist. Anyway, I've tested around 200 wordlists with macKrack all with no results. Trying the brute force method just freezes my box. Btw, the salted hash should be this: Code: root:2B74D47199B354D472437CCB57040A21FACB72CF4B5B0AF4 If I'm not mistaken. Thanks for the help...um also another thing there is a way to reset the administrator password thru single-user mode, but extracting the hash is much more discreet. Resetting the password is easily noticeable lol if one of the admin's attempts to login. Salted SHA-1 hashes www.waraxe.us Forum Index -> All other hashes You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum All times are GMT Page 1 of 1 All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 YearOldest FirstNewest First Select a forumSecurity Research by waraxe----------------General discussionHow to fixMetasploit relatedHash cracking requests----------------MD5 hashesAll other hashesHash related informationhttp://www.waraxe.us portal----------------SuggestionsCooperation proposalsSecurity bugs and issues in general----------------Newbies cornerSql injectionCross-site scripting aka XSSRemote file inclusionFull path disclosureShell commands injectionPhishing and Social EngineeringAll other security holesVarious software----------------PhpNukePostNukePhpBBXMB forumvBulletin BoardInvision Power Boarde107MamboJoomlaXOOPSM$ WindowsLinux worldAll other softwareCoppermine Photo GalleryProgramming languages----------------PhpMySqlPerlJavaJavascriptC and C++Visual BasicBorland Delphi and PascalPythonHTML and XMLAssemblerReverse engineering----------------Newbies cornerDisassemblingPHP script decode requestsMiscellaneous stuff----------------Future of the ITNanotechnologyFun cornerLinksTry2hack sitesProxy databaseDirect Downloads----------------ToolsTutorialsWordlistsRecycle Bin----------------Removed messagesOutdated posts Powered by phpBB © 2001-2008 phpBB Group

Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.138 Seconds