|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Proof of Concept (Requesting help with hash/salt) |
|
Posted: Wed Feb 04, 2009 1:55 am |
|
|
xxvvyy |
Regular user |
|
|
Joined: Feb 04, 2009 |
Posts: 20 |
|
|
|
|
|
|
|
I am attempting to crack the hash/salt password from IPB. I am running PasswordPro and realize it is a good tool, but not the fastest.
I do not have the GPU Brute Force application, because I don't have a supported video card. I do understand it is a lot faster then Passwordpro.
I am going to keep running Passwordpro in attempt to get the password, however if anyone is interested in helping me speed up the process here is the two hash/salts.
0da41019d0fc61dadb34ecf7ce86c27f `W]Q7
779e8d81fac212bb7c74d2beb2170f27 Kfp*8 |
|
|
|
|
Posted: Wed Feb 04, 2009 3:53 am |
|
|
tehhunter |
Valuable expert |
|
|
Joined: Nov 19, 2008 |
Posts: 261 |
|
|
|
|
|
|
|
[1] collison found: 779e8d81fac212bb7c74d2beb2170f27:Kfp*8 is plaintext youwillneverknow |
|
|
|
|
Posted: Wed Feb 04, 2009 3:56 am |
|
|
xxvvyy |
Regular user |
|
|
Joined: Feb 04, 2009 |
Posts: 20 |
|
|
|
|
|
|
|
tehhunter wrote: | [1] collison found: 779e8d81fac212bb7c74d2beb2170f27:Kfp*8 is plaintext youwillneverknow |
Awesome dude, I'm still "cracking" with passwordpro.
Can you tell me what you used?
Method (Brute Force, Rainbow, etc....)
and system specs? |
|
|
|
|
|
|
|
|
Posted: Wed Feb 04, 2009 4:09 am |
|
|
tehhunter |
Valuable expert |
|
|
Joined: Nov 19, 2008 |
Posts: 261 |
|
|
|
|
|
|
|
xxvvyy wrote: | tehhunter wrote: | [1] collison found: 779e8d81fac212bb7c74d2beb2170f27:Kfp*8 is plaintext youwillneverknow |
Awesome dude, I'm still "cracking" with passwordpro.
Can you tell me what you used?
Method (Brute Force, Rainbow, etc....)
and system specs? | I'm using a macbook pro and its admittedly a good laptop, though still pales in comparison to what some better desktop computers can do.
Anyway, I'm using a program I wrote myself in Java called Crypto that tries wordlists I've gotten and found were quite good and from them tries permutations of each word and also tries adding common endings onto them.
Your specific password right here came up in my wordlists near the very end of the first run (where I just try every word I have as-is with no modifications). I was surprised cause its a random ass one lol. |
|
|
|
|
|
|
|
|
Posted: Wed Feb 04, 2009 4:17 am |
|
|
xxvvyy |
Regular user |
|
|
Joined: Feb 04, 2009 |
Posts: 20 |
|
|
|
|
|
|
|
tehhunter wrote: | xxvvyy wrote: | tehhunter wrote: | [1] collison found: 779e8d81fac212bb7c74d2beb2170f27:Kfp*8 is plaintext youwillneverknow |
Awesome dude, I'm still "cracking" with passwordpro.
Can you tell me what you used?
Method (Brute Force, Rainbow, etc....)
and system specs? | I'm using a macbook pro and its admittedly a good laptop, though still pales in comparison to what some better desktop computers can do.
Anyway, I'm using a program I wrote myself in Java called Crypto that tries wordlists I've gotten and found were quite good and from them tries permutations of each word and also tries adding common endings onto them.
Your specific password right here came up in my wordlists near the very end of the first run (where I just try every word I have as-is with no modifications). I was surprised cause its a random ass one lol. |
Very good!
I have no extreme need for the password, but am interested in understanding the cryptology process.
Maybe you could enlighten me on some of the finer points of cracking an encrypted password?
Also, how long did it take you to crack the passwd? |
|
|
|
|
|
|
|
|
Posted: Wed Feb 04, 2009 4:28 am |
|
|
tehhunter |
Valuable expert |
|
|
Joined: Nov 19, 2008 |
Posts: 261 |
|
|
|
|
|
|
|
Here's the output from my prog:
Code: | ________________________________________________________________
| <<Crypto v0.2.0>> |
| by <xxx> <xxx@gmail.com> |
| Questions? Comments? Feedback? Things you'd like to see? |
| Please send me an email, I read all of it. |
| If you are reporting a bug, send me all of your program output|
-----------------------------------------------------------------
** Note: If you are using the -server parameter to run this program,
the estimated time remaining (etr) may flucuate and not be
as accurate. This is due to the constant optimization being
used by Sun's HotSpot JIT compiler
Loading hashes from reg_hashes.txt ... [OK]
-> Loaded 1 hashes total
>>>>> Hash file (vb_hashes.txt) does not exist!
Loading hashes from ipb_hashes.txt ... [OK]
-> Loaded 2 hashes total
Loading hashes from joomla_hashes.txt ... [OK]
Loading endings from /wordslists/endings.txt ... [OK]
Loading wordlists from /wordslists/*.dic ...
-> Loading words from allfound.dic (43kb) ... [OK]
-> Loading words from commonlastnames.dic (144kb) ... [OK]
-> Loading words from commonnames.dic (14kb) ... [OK]
-> Loading words from commonpasswords.dic (5kb) ... [OK]
-> Loading words from commonwords.dic (15kb) ... [OK]
-> Loading words from D8.dic (732kb) ... [OK]
-> Loading words from insidepro.dic (2619kb) ... [OK]
-> Loading words from jargon.dic (85kb) ... [OK]
-> Loading words from keyboard.dic (2kb) ... [OK]
-> Loading words from kjbible.dic (103kb) ... [OK]
-> Loading words from mil-dic.dic (676kb) ... [OK]
-> Loading words from new.dic (0kb) ... [OK]
-> Loading words from NORM.dic (629kb) ... [OK]
-> Loading words from opencrack_plains2.dic (8309kb) ... [OK]
-> Loading words from password2.dic (15kb) ... [OK]
-> Loading words from wordsEn.dic (1127kb) ... [OK]
-> Loading words from world_factbook.dic (217kb) ... [OK]
*** To add more words, add files in /wordlists/ ending in .dic
They will be automatically loaded
2832906 words loaded from 17 files
>>>>>
Initial run, trying all words as loaded without permutations ...
[0] 0 of 2832906, etr:
[0] 100000 of 2832906, etr: 57 seconds
[0] 200000 of 2832906, etr: 43 seconds
[0] 300000 of 2832906, etr: 41 seconds
[0] 400000 of 2832906, etr: 40 seconds
[0] 500000 of 2832906, etr: 38 seconds
[0] 600000 of 2832906, etr: 36 seconds
[0] 700000 of 2832906, etr: 34 seconds
[0] 800000 of 2832906, etr: 33 seconds
[0] 900000 of 2832906, etr: 31 seconds
[0] 1000000 of 2832906, etr: 30 seconds
[0] 1100000 of 2832906, etr: 28 seconds
[0] 1200000 of 2832906, etr: 26 seconds
[0] 1300000 of 2832906, etr: 24 seconds
[0] 1400000 of 2832906, etr: 23 seconds
[0] 1500000 of 2832906, etr: 21 seconds
[0] 1600000 of 2832906, etr: 20 seconds
[0] 1700000 of 2832906, etr: 18 seconds
[0] 1800000 of 2832906, etr: 16 seconds
[0] 1900000 of 2832906, etr: 15 seconds
[0] 2000000 of 2832906, etr: 13 seconds
[0] 2100000 of 2832906, etr: 11 seconds
[0] 2200000 of 2832906, etr: 10 seconds
[0] 2300000 of 2832906, etr: 8 seconds
[0] 2400000 of 2832906, etr: 6 seconds
[0] 2500000 of 2832906, etr: 5 seconds
[0] 2600000 of 2832906, etr: 3 seconds
[1] collison found: 779e8d81fac212bb7c74d2beb2170f27:Kfp*8 is plaintext youwillneverknow
[1] 2700000 of 2832906, etr: 1 seconds
[1] 2800000 of 2832906, etr:
Initial run finished ...
<<<<< | So that's the output and as you can see it didn't take much time at all.
A few tips:
-Always seek better methods (this is purposely vague). On a slower computer or one with a bad graphics card, you have to be more clever about how you try to crack passwords. My strategy was
1) Make programs to collect common names, last names, nick names, passwords, keyboard combinations, and words
2) (I created but you could just get it from me I guess) A file that contains common endings to passwords (aka 123->234->345->...->1337->098, etc)
3) Use permutations (which is what I'm doing with the other pass right now) (aka doggy->DoGGY->DOGGY->D0GGY)
4) Combine permutations and common endings
This gets the most thorough coverage of passwords in my opinion. I only have around 2 million something words in my list (relatively small) but with all this above it gets multiplied by a factor of 12(num of per.) * (50)(num of endings).
Oh, and a really, really good tip: use cracked word lists from cracking websites like Opencrack, or milw0rm etc. Those are the backbone of my cracking.
Anyway, if you have any more q's, toss em my way. |
|
|
|
|
|
|
|
|
Posted: Wed Feb 04, 2009 4:35 am |
|
|
xxvvyy |
Regular user |
|
|
Joined: Feb 04, 2009 |
Posts: 20 |
|
|
|
|
|
|
|
tehhunter wrote: |
Anyway, if you have any more q's, toss em my way. |
I have a ton now, but my importantly is one off topic.
I am trying to figure out what I'm doing wrong with a variant of waraxes IPB SQL sploit.
I am trying to find the user name that is associated with the password you cracked.
For some reason that sploit is returning syntax errors, even after attempting to correct the situation that waraxe provided. |
|
|
|
|
|
|
|
|
Posted: Wed Feb 04, 2009 7:16 am |
|
|
tehhunter |
Valuable expert |
|
|
Joined: Nov 19, 2008 |
Posts: 261 |
|
|
|
|
|
|
|
xxvvyy wrote: | tehhunter wrote: |
Anyway, if you have any more q's, toss em my way. |
I have a ton now, but my importantly is one off topic.
I am trying to figure out what I'm doing wrong with a variant of waraxes IPB SQL sploit.
I am trying to find the user name that is associated with the password you cracked.
For some reason that sploit is returning syntax errors, even after attempting to correct the situation that waraxe provided. | Getting the username is simple enough, you just have to know the easy things a board gives you. If you click on a user's profile, then look at the url, you'll notice that the ID number at the top is the same as the one used to extract the hash. I just checked and I think it might be something along the lines of
index.php?showuser=23144 so just try to find it like that, its not hard
* If that type of url above doesn't work for some reason, just manually click on a user's profile and change the url at the top of the screen |
|
|
|
|
|
|
|
|
Posted: Wed Feb 04, 2009 7:31 am |
|
|
xxvvyy |
Regular user |
|
|
Joined: Feb 04, 2009 |
Posts: 20 |
|
|
|
|
|
|
|
tehhunter wrote: |
* If that type of url above doesn't work for some reason, just manually click on a user's profile and change the url at the top of the screen |
I'll try that next, but I can't with the way the board is setup with not being able to login in to one of these accounts.
I am learning passwordpro (Hybrid attack) now. Having some troubles. Maybe you can assist?
7377ce08fe232b3d9d605ecfda17df5d:Nou*k
0fa6b5d30c31a119eac4582e894ee8a2:ex&<X
7b59491b6f89a0adf315b73dfc542821:4JJ05
151a0fb2c751bba20c24c379bbdf0e07:Yr]}_
96e8a381cec4458196abb1d8453a3625:[EnHP
b365a5b4802179b588b1fdfaffcbf5b3:KOJ]e |
|
|
|
|
Posted: Wed Feb 04, 2009 3:12 pm |
|
|
SpyderMonkey |
Advanced user |
|
|
Joined: Dec 20, 2008 |
Posts: 233 |
|
|
|
|
|
|
|
7b59491b6f89a0adf315b73dfc542821 = 6153 |
|
|
|
|
Posted: Wed Feb 04, 2009 6:17 pm |
|
|
tehhunter |
Valuable expert |
|
|
Joined: Nov 19, 2008 |
Posts: 261 |
|
|
|
|
|
|
|
xxvvyy wrote: | tehhunter wrote: |
* If that type of url above doesn't work for some reason, just manually click on a user's profile and change the url at the top of the screen |
I'll try that next, but I can't with the way the board is setup with not being able to login in to one of these accounts.
I am learning passwordpro (Hybrid attack) now. Having some troubles. Maybe you can assist?
7377ce08fe232b3d9d605ecfda17df5d:Nou*k
0fa6b5d30c31a119eac4582e894ee8a2:ex&<X
7b59491b6f89a0adf315b73dfc542821:4JJ05
151a0fb2c751bba20c24c379bbdf0e07:Yr]}_
96e8a381cec4458196abb1d8453a3625:[EnHP
b365a5b4802179b588b1fdfaffcbf5b3:KOJ]e | I'll try these, but you can't even register an account yourself? |
|
|
|
|
|
|
|
|
Posted: Thu Feb 05, 2009 6:56 am |
|
|
xxvvyy |
Regular user |
|
|
Joined: Feb 04, 2009 |
Posts: 20 |
|
|
|
|
|
|
|
tehhunter wrote: | xxvvyy wrote: | tehhunter wrote: |
* If that type of url above doesn't work for some reason, just manually click on a user's profile and change the url at the top of the screen |
I'll try that next, but I can't with the way the board is setup with not being able to login in to one of these accounts.
I am learning passwordpro (Hybrid attack) now. Having some troubles. Maybe you can assist?
7377ce08fe232b3d9d605ecfda17df5d:Nou*k
0fa6b5d30c31a119eac4582e894ee8a2:ex&<X
7b59491b6f89a0adf315b73dfc542821:4JJ05
151a0fb2c751bba20c24c379bbdf0e07:Yr]}_
96e8a381cec4458196abb1d8453a3625:[EnHP
b365a5b4802179b588b1fdfaffcbf5b3:KOJ]e | I'll try these, but you can't even register an account yourself? |
I can register an account, but I need a certain amount of posts to view the members list. I am trying to circumvent this
I did come up with two
edd366a1870ebd085a010e50b65c4ee4:WcUP* = cactus
e4b196cab923d230de2fb52685c61c00:;"8<g = brothers |
|
|
|
|
|
|
|
|
Posted: Fri Feb 06, 2009 12:40 pm |
|
|
SpyderMonkey |
Advanced user |
|
|
Joined: Dec 20, 2008 |
Posts: 233 |
|
|
|
|
|
|
|
0fa6b5d30c31a119eac4582e894ee8a2:ex&<X = tankman1 |
|
|
|
|
www.waraxe.us Forum Index -> All other hashes
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|