|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 140
Members: 0
Total: 140
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
joomla admin needs help with a salted crack |
|
Posted: Sat Jan 03, 2009 3:43 am |
|
|
Rastlin |
Regular user |
|
|
Joined: Jan 03, 2009 |
Posts: 21 |
|
|
|
|
|
|
|
Hi,
first of all this is my first post and i have to confess i haven't read any forum rules so forgive me if i break something
I am a joomla administrator hosting a phpbb3 with a bridge to the joomla database that allows authentication to go from joombla to the phpbb.
For a number of reasons i am in need to crack a joomla password hash of a user of mine. ( and even if i can easly reset it the objective is to crack it )
the password hash i got from joombla database is
user:c6c7d32a43dcca085c0bcf4d9955a2d5:K3Nd8jFDeeF87WV0GZUtS2YnVCEHsCCT
I have read extensive about this issue and for what i can understand the MD5 pasword is salted.
i downloaded PasswordsPro to evalute if i could crack it but i am in a bit of trouble because of the salted format.
I have read people say that joomla salts the password in
md5(md5$pass.md5$salt)
others say
md5$pass.$salt
etc etc etc...
since i takes a lot of time to try every possible combination and i hardly have the cpu power to make a distributed crack of salted hash and because i dont seem to get a consense i am requesting the help of a good samaritan.
My joomla version is "Joomla! 1.5.7"
I dont really have nothing to offer in return but my thanks.
Can anyone help me or even give me a Tip ?
Update:
SO after a itle more digging it seems that md5($pass.$salt) is the way to go. 5 days left on a-z & A-Z. Can anyone do it faster ? |
|
|
|
|
|
|
|
|
Posted: Mon Jan 05, 2009 2:44 pm |
|
|
Rastlin |
Regular user |
|
|
Joined: Jan 03, 2009 |
Posts: 21 |
|
|
|
|
|
|
|
Shameless *bump* and update
Failed... Is there someone smarter then me ? |
|
|
|
|
|
Re: joomla admin needs help with a salted crack |
|
Posted: Tue Jan 06, 2009 2:57 am |
|
|
tehhunter |
Valuable expert |
|
|
Joined: Nov 19, 2008 |
Posts: 261 |
|
|
|
|
|
|
|
I'm trying my special designed hybrid crack mode, I'll get back to you in a few hours. |
|
|
|
|
Posted: Tue Jan 06, 2009 3:20 am |
|
|
Rastlin |
Regular user |
|
|
Joined: Jan 03, 2009 |
Posts: 21 |
|
|
|
|
|
|
|
thanks i apreciate it.
I got my hands on a DUO quadcore however it seems that passwordspro doesn't work with multiprocessors.
i am trying a
a-z & A-Z & 1-9
Gona take 15 days ...
My best. |
|
|
|
|
|
Re: joomla admin needs help with a salted crack |
|
Posted: Wed Jan 07, 2009 10:49 am |
|
|
Rastlin |
Regular user |
|
|
Joined: Jan 03, 2009 |
Posts: 21 |
|
|
|
|
|
|
|
tehhunter wrote: | I'm trying my special designed hybrid crack mode, I'll get back to you in a few hours. |
Any luck tehhunter ? i have 10 days remaining ... and no luck yet ! |
|
|
|
|
|
Re: joomla admin needs help with a salted crack |
|
Posted: Wed Jan 07, 2009 12:16 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Rastlin wrote: | tehhunter wrote: | I'm trying my special designed hybrid crack mode, I'll get back to you in a few hours. |
Any luck tehhunter ? i have 10 days remaining ... and no luck yet ! |
If you don't have information about complexity of the original password, then you can't estimate cracking time in any way. And by the way, md5 hashes for good passwords are practically uncrackable at current tech level. |
|
|
|
|
|
Re: joomla admin needs help with a salted crack |
|
Posted: Wed Jan 07, 2009 3:05 pm |
|
|
Rastlin |
Regular user |
|
|
Joined: Jan 03, 2009 |
Posts: 21 |
|
|
|
|
|
|
|
waraxe wrote: | Rastlin wrote: | tehhunter wrote: | I'm trying my special designed hybrid crack mode, I'll get back to you in a few hours. |
Any luck tehhunter ? i have 10 days remaining ... and no luck yet ! |
If you don't have information about complexity of the original password, then you can't estimate cracking time in any way. And by the way, md5 hashes for good passwords are practically uncrackable at current tech level. |
I should have said 10 days with current charset ..
BTW check this .... http://www.waraxe.us/ftopicp-16587.html#16587 |
|
|
|
|
|
Re: joomla admin needs help with a salted crack |
|
Posted: Wed Jan 07, 2009 3:30 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Rastlin wrote: | waraxe wrote: | Rastlin wrote: | tehhunter wrote: | I'm trying my special designed hybrid crack mode, I'll get back to you in a few hours. |
Any luck tehhunter ? i have 10 days remaining ... and no luck yet ! |
If you don't have information about complexity of the original password, then you can't estimate cracking time in any way. And by the way, md5 hashes for good passwords are practically uncrackable at current tech level. |
I should have said 10 days with current charset ..
BTW check this .... http://www.waraxe.us/ftopicp-16587.html#16587 |
Yes, nice firepower |
|
|
|
|
Posted: Wed Jan 07, 2009 3:33 pm |
|
|
Rastlin |
Regular user |
|
|
Joined: Jan 03, 2009 |
Posts: 21 |
|
|
|
|
|
|
|
thanks .. i am thinking of adding another gpu ... i have room for 2 more ... |
|
|
|
|
|
Re: joomla admin needs help with a salted crack |
|
Posted: Thu Jan 08, 2009 11:07 pm |
|
|
Alkindiii |
Regular user |
|
|
Joined: Jan 09, 2009 |
Posts: 19 |
|
|
|
|
|
|
|
Rastlin wrote: | waraxe wrote: | Rastlin wrote: | tehhunter wrote: | I'm trying my special designed hybrid crack mode, I'll get back to you in a few hours. |
Any luck tehhunter ? i have 10 days remaining ... and no luck yet ! |
If you don't have information about complexity of the original password, then you can't estimate cracking time in any way. And by the way, md5 hashes for good passwords are practically uncrackable at current tech level. |
I should have said 10 days with current charset ..
BTW check this .... http://www.waraxe.us/ftopicp-16587.html#16587 |
Hi Rastlin,
Can you please use your "firepower" to crack some Joomla's hashes (I think it's md5($pass.$salt) as you said).
Here is the salted md5 hashes :
9cab8bcf2921e44b72cb21c001694cbd:sBv8TuYYYoIhDrHT
c8cb59cdb2dd8e8d1c73adef8c531433:k5l81Ip2YXeMhMN3
2962564ac548bde72ba37739fc99fb92:Rku2o3w8qonr1P23
1104fbbfa6976957d878e9489f054802:0EAKGk7u7PvqiTeR
Thanks in advance. |
|
|
|
|
|
|
|
|
Posted: Thu Jan 08, 2009 11:44 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Plaintext of 1104fbbfa6976957d878e9489f054802 is Yeor25
|
|
|
|
|
Posted: Fri Jan 09, 2009 7:26 am |
|
|
Alkindiii |
Regular user |
|
|
Joined: Jan 09, 2009 |
Posts: 19 |
|
|
|
|
|
|
|
Thanks waraxe
Did you brute forced it using PasswordsPro or something else?
I need to crack more salted md5 using online rainbow tables, does someone know any good website or any md5 search engine for that?? |
|
|
|
|
|
Re: joomla admin needs help with a salted crack |
|
Posted: Fri Jan 09, 2009 11:13 am |
|
|
Rastlin |
Regular user |
|
|
Joined: Jan 03, 2009 |
Posts: 21 |
|
|
|
|
|
|
|
[quote="Alkindiii]
Hi Rastlin,
Can you please use your "firepower" to crack some Joomla's hashes (I think it's md5($pass.$salt) as you said).
Here is the salted md5 hashes :
9cab8bcf2921e44b72cb21c001694cbd:sBv8TuYYYoIhDrHT
c8cb59cdb2dd8e8d1c73adef8c531433:k5l81Ip2YXeMhMN3
2962564ac548bde72ba37739fc99fb92:Rku2o3w8qonr1P23
1104fbbfa6976957d878e9489f054802:0EAKGk7u7PvqiTeR
Thanks in advance.[/quote]
I whould mind helping out but i have yet to find a md5 salted cracker that can make use of 32 processors.
Try this install paswordspro ( google it ) and use the program to try and crack the salted md5 hash.
But before you do that go to http://www.md5this.com/wordlists.html get as many wordlists as you can and put them all in a directory and insert them into the passwordspro configuration. A carefull configuration of the cracking method and hybrid rules can be very time saving.
I have yet to find a salted rainbow table however i am kind of new to hash cracking ( i mean besides the use of the old L0pthCrack and john the ripper), maybe someone with more experience can point you to the right direction. |
|
|
|
|
|
|
Re: joomla admin needs help with a salted crack |
|
Posted: Fri Jan 09, 2009 11:13 am |
|
|
Rastlin |
Regular user |
|
|
Joined: Jan 03, 2009 |
Posts: 21 |
|
|
|
|
|
|
|
Rastlin wrote: | Alkindiii wrote: |
Hi Rastlin,
Can you please use your "firepower" to crack some Joomla's hashes (I think it's md5($pass.$salt) as you said).
Here is the salted md5 hashes :
9cab8bcf2921e44b72cb21c001694cbd:sBv8TuYYYoIhDrHT
c8cb59cdb2dd8e8d1c73adef8c531433:k5l81Ip2YXeMhMN3
2962564ac548bde72ba37739fc99fb92:Rku2o3w8qonr1P23
1104fbbfa6976957d878e9489f054802:0EAKGk7u7PvqiTeR
Thanks in advance. |
I dont mind helping out but i have yet to find a md5 salted cracker that can make use of 32 processors.
Try this, install paswordspro ( google it ) and use the program to try and crack the salted md5 hash.
But before you do that go to http://www.md5this.com/wordlists.html get as many wordlists as you can and put them all in a directory and insert them into the passwordspro configuration. A carefull configuration of the cracking method and hybrid rules can be very time saving.
I have yet to find a salted rainbow table however i am kind of new to hash cracking ( i mean besides the use of the old L0pthCrack and john the ripper), maybe someone with more experience can point you to the right direction. |
|
|
|
|
|
|
|
|
|
Posted: Fri Jan 09, 2009 11:40 am |
|
|
Alkindiii |
Regular user |
|
|
Joined: Jan 09, 2009 |
Posts: 19 |
|
|
|
|
|
|
|
I use PasswordsPro and I think it's the fastest md5 salted cracker. But I only have one machine with one CPU
What I need is an online large ranbow tables that can crack salted md5(pass.salt) or a search engine for salted md5. |
|
|
|
|
www.waraxe.us Forum Index -> All other hashes
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 2
Goto page 1, 2Next
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|