 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 70
 Members: 0
 Total: 70
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Need help with salted md5 hashes |
|
 Posted: Thu Nov 26, 2009 8:08 pm |
 |
|
| Ikalou |
| Regular user |
 |
|
| Joined: Nov 26, 2009 |
| Posts: 6 |
| Location: France |
|
|
 |
|
 |
|
Hi guys,
I am having issues with hundreds of salted hashes. Since they come from a Joomla-powered website, I assume these are md5($pass.$salt). Could please someone confirm me that? I've been trying to brute force them for two weeks without success so far. Maybe you guys can have a try?
29dc1cf333fe6e59adce0413083b019c:sctk5gnj0siy413y
c45f1d9fe2a03f6384856011a2c395f4:niiihcydkycar3q9
342768008fed2d0e08c28a46c25ea74c:dz3waf7nph8jpxf4
311c0a140e04d262d3f9c8a6ea78ecb1:ceewi2usddzlpfop
6e834318c397357c2103f734031300e2:giyaypkiipvoknwz
5a4b2f74d76ee563220098680c4f0a53:fjmrdlovqsrmqkoi
574a205f2b5ba0c6d4f20a57bd9ee24e:2uktmq4odttviphx
21be7f9ff7fe3d7dfbf7d2da1a698486:ry3uuwu3v6pjfktc
e6a287825bdc32e4d9310d9598e8e07f:ajq71imznomczu0a
36dd2f561ec2f4b9516f8fa1fc291a89:gzfjkjcthk7yhdyp
65bafe17d2b2a601730b2893950a8a81:zuclfrlqh5cesemm
d3ac16b0d42616c80a871665096a60e4:delbj54q27uy4sdb
7ba9aafe96b63ea92df0092f74cc80ac:3uvwg19ll6iva1li
de1f402177749c147d8217e8e4477cce:9jpvfty8zhzr1coa
2d2affc6ee1b53672ccd593dd2401264:xtrzsuixixu8zx9x
bc86c1736e34bd4e72130bd21d5d1ff3:h92i5p59nsj9uyze
26e4cf998a72c8aa450b35658d10e548:anmpq9efdj6p20cj
c220eb4ef5df2bc65ff5551f994f930b:nk6dsvwfpz8msoye
c4c517e23358379d09af6fef17ba6727:f6orksiwslmenbhr
3666564180bfbdb7cc7176e5488874cf:px119nb8yi3kpbb8
(...)
Besides, there are also two or three dozens of non-salted hashes on the same table.
aaeff3db509befd9c1365767dfbd833
1b86bb4390f7da31f57390d14aec3637
b4ecf9c7d5b464c52b1a1796b9cb75e4
4c949f155f5ffea08818a08dd2b2b4d4
0e7befb752b8058a7e80b7b8e42b5d49
36cd2a1a08155f078d6c666d1fc1fac3
b4b93bfb1836c854b375637704f35ba8
a0e5d103ab9094d156b65d1fa9cb0e44
f04d427e68d563797cb646cb90aa955c
ddda9c3cdb3c1761173ca820e3434c22
(...)
How do you explain it?
Any help, any advice of any kind would be most welcome.
Thanks, Ikalou. |
|
|
|
|
|
|
|
|
| Posted: Fri Nov 27, 2009 12:22 am |
|
|
| aritmos |
| Advanced user |
 |
|
| Joined: Jul 21, 2008 |
| Posts: 82 |
| Location: Inside a salted MD5 |
|
|
|
|
|
|
aaeff3db509befd9c1365767dfbd833 Not valid MD5
1b86bb4390f7da31f57390d14aec3637:NREskR
b4ecf9c7d5b464c52b1a1796b9cb75e4:6nIFqx
0e7befb752b8058a7e80b7b8e42b5d49:vsaZBD |
|
|
|
|
| Posted: Fri Nov 27, 2009 10:55 am |
|
|
| Ikalou |
| Regular user |
|
|
| Joined: Nov 26, 2009 |
| Posts: 6 |
| Location: France |
|
|
|
|
|
|
Thanks a lot aritmos.
It appears that at least all unsalted hashes, probably all of them, are 6 chars long randomly generated passwords with mixed upper/lower case letters and numbers. I am to focus on all others unsalted hashes first.
Also, sorry for the wrong md5. It's 2aaeff3db509befd9c1365767dfbd833.
I'll keep you up.
Thanks again. |
|
|
|
|
| Posted: Fri Nov 27, 2009 6:09 pm |
|
|
| Ikalou |
| Regular user |
|
|
| Joined: Nov 26, 2009 |
| Posts: 6 |
| Location: France |
|
|
|
|
|
|
Thanks to your help, I have successfully solved all unsalted md5.
[EDIT]
Now I'm having troubles with salted ones.
The string "vsaZBD" gives "66f5e80bceded99487e04b0eb69433a4:487drwlaspx3ndlv" once salted.
And "cZgzs4" gives "e5a804412f90f979d2d74b18b7d8f885:te28dtqk8w3optwh"
I can't figure out how the salt is used. Any help please? |
|
|
|
|
| Posted: Sun Nov 29, 2009 7:32 pm |
|
|
| Ikalou |
| Regular user |
|
|
| Joined: Nov 26, 2009 |
| Posts: 6 |
| Location: France |
|
|
|
|
|
|
I tried almost all possible pass/salt combinations and found nothing 
Am I doing something wrong?
pass: Ifs9rM
salt: 7cvdurgdxmozr6zk
result: 2c89a803b2cb8eb6e050d0d62e737eb9:7cvdurgdxmozr6zk
You really have no idea how this salt is used? |
|
|
|
|
| Posted: Sun Nov 29, 2009 10:14 pm |
|
|
| vince213333 |
| Advanced user |
|
|
| Joined: Aug 03, 2009 |
| Posts: 737 |
| Location: Belgium |
|
|
|
|
|
|
Well this is how it works:
you have the actual password and the salt in 2 variables $pass and $salt for example.
Now what joomla (i assume those are joomla hashes) does it it takes the password, just appends the salt at the end. then it uses the md5 algorithm on that whole string. The outcome is the 32 character hash you have.
When you log in on a forum, the php page will calculate that hash like i described, and then it compares the hash to the hash stored in the forum database. If it matches, you're logged in  |
|
|
|
|
|
|
|
|
| Posted: Mon Nov 30, 2009 7:32 am |
|
|
| Ikalou |
| Regular user |
|
|
| Joined: Nov 26, 2009 |
| Posts: 6 |
| Location: France |
|
|
|
|
|
|
Thanks for your reply,
Yes, these are joomla (1.1 rc2) hashes, but seems like the salt is NOT just append to the password. Some accounts were not salted yet, probably for they never logged in after salt was handled. Passwords are 6 char long and very easy to crack... unless I can't use the salt.
For instance:
$pass = 'Ifs9rM' (I'm sure about that)
$salt = '7cvdurgdxmozr6zk'
I would expect the following:
md5($pass.$salt).':'.$salt = 'eb393054596991a4177f49a55c827e31:7cvdurgdxmozr6zk'
When the password field contains: '2c89a803b2cb8eb6e050d0d62e737eb9:7cvdurgdxmozr6zk'
I can't get it
==
[EDIT] Okay, topic closed. Capitalization problem. Thanks everyone. |
|
|
|
|
|
www.waraxe.us Forum Index -> MD5 hashes
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
