 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
A few vBulletin hashes [MD5 + Salt] |
 |
 Posted: Wed Nov 19, 2008 2:17 am |
 |
|
| tehhunter |
| Valuable expert |
 |
|
| Joined: Nov 19, 2008 |
| Posts: 261 |
|
|
|
 |
|
 |
|
Hey guys,
Got myself some hashes to a vBulletin forum (by long and extensive drawn out blind sql injection), a few of which I wasn't able to crack on my own. I'd fully appreciate any help I could get on these.
User1:d110fd8ed0f59cc2c41f16294fadb7dc:k}s
User2:8d6d9bfd7e59a2b6b284f0e3e944542d:BXu
User3:b6985de9bd34ff3c185a5375f4f25574:Z_,
User4:4cadc0ec06c89f83a3c69f3ec1f78a2c:Zsn
**This last one uses a larger charset than a-z 0-9 1-7 chars
The method of salting is:
MD5(MD5(password).salt)
I've cracked a few of the easier ones (see below) already so I know that I'm at least on the right track, these just happen to be a little harder passwords is all.
Examples of ones I've cracked already:
User5:9da5766cfd7b893e4082f0b1e5d366fd:9sQ --> tom927
User6:e28670a3feada212595e15f434375530:(?7 --> 123456
User7:ee8b266c5cf1edbd303ffe88e7f92ce9:\X" --> qweqwe1
I'm fairly certain that these users use the charset a-z 0-9, but I could be wrong.
Thanks in advance for any help! |
|
|
|
|
|
|
|
|
| Posted: Wed Nov 19, 2008 4:02 am |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
Plaintext of d110fd8ed0f59cc2c41f16294fadb7dc is 9905021
Plaintext of 4cadc0ec06c89f83a3c69f3ec1f78a2c is 90841212 |
|
|
|
|
| Posted: Wed Nov 19, 2008 4:44 am |
|
|
| tehhunter |
| Valuable expert |
|
|
| Joined: Nov 19, 2008 |
| Posts: 261 |
|
|
|
|
|
|
|
| Thanks very much, waraxe, that was really helpful. Any chance on those last two passes or were they not found? |
|
|
|
|
| Posted: Wed Nov 19, 2008 4:51 pm |
|
|
| tehhunter |
| Valuable expert |
|
|
| Joined: Nov 19, 2008 |
| Posts: 261 |
|
|
|
|
|
|
|
Oh, and one more, I just got the administrator/owner's hash and salt out of the database (you wouldn't believe how time consuming it is, I custom write about 4-5 queries per character of a 32 character hash 
Anyway, waraxe (and possibly some other nice fellows), is there a chance you could give it a try?
Admin:f2525ac36592e53de5c9cb9c6e9a9f97:y4:
Thanks again, I really appreciate your work. Also, I wonder if it would be possible to learn exactly how you crack your passwords and with what wordlists/rules exactly (unless that is, you would rather keep that a trade secret, which is fully alright by me)? Once again, thanks. |
|
|
|
|
|
|
|
|
| Posted: Thu Nov 20, 2008 2:14 am |
|
|
| rahat |
| Regular user |
|
|
| Joined: Jul 24, 2008 |
| Posts: 20 |
|
|
|
|
|
|
|
m using inside's passwordpro and the dictionary set provided on the following page.
http://www.insidepro.com/eng/download.shtml
btw, simple dictionary attack didn't revealed anything regarding the above hash...
| tehhunter wrote: | | Oh, and one more, I just got the administrator/owner's hash and salt out of the database (you wouldn't believe how time consuming it is, I custom write about 4-5 queries per character of a 32 character hash |
and would you like sharing your technique? (either on the fora or pm, whatever is suitable for you) if it isn't a trade secret  |
|
|
|
|
|
|
|
|
| Posted: Thu Nov 20, 2008 5:34 am |
|
|
| tehhunter |
| Valuable expert |
|
|
| Joined: Nov 19, 2008 |
| Posts: 261 |
|
|
|
|
|
|
|
| rahat wrote: | m using inside's passwordpro and the dictionary set provided on the following page.
http://www.insidepro.com/eng/download.shtml
btw, simple dictionary attack didn't revealed anything regarding the above hash...
| tehhunter wrote: | | Oh, and one more, I just got the administrator/owner's hash and salt out of the database (you wouldn't believe how time consuming it is, I custom write about 4-5 queries per character of a 32 character hash |
and would you like sharing your technique? (either on the fora or pm, whatever is suitable for you) if it isn't a trade secret |
Yeah, I could do that for sure. Tomorrow happens to be my worst day of the week though, so I might not get around to writing it all down by then, but hopefully by Friday. Hopefully it could get someone to write an automated program to do it (I would, as I know programming pretty damn well, but unfortunately, I don't know how to code for and deal with sessions in php, a necessary step for this particular exploit.
In the meantime, any help someone could give on this hash would be greatly appreciated. One of the hashes above went to a former admin's account (but he has no powers anymore  ). |
|
|
|
|
|
www.waraxe.us Forum Index -> All other hashes
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 63
Members: 0
Total: 63
