 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
Leopard: Salted SHA-1 Cracking Help |
 |
 Posted: Fri Feb 13, 2009 1:44 am |
 |
|
| devilsson2010 |
| Regular user |
 |
|
| Joined: Feb 13, 2009 |
| Posts: 5 |
|
|
|
 |
|
 |
|
I have a salted SHA-1 password from Leopard I need decrypted. Can anyone help me out please?
admin_SSHA1___:156EE94BD1342557FBA8373EDC1F0FC37804037E3857C1BD |
|
Last edited by devilsson2010 on Sat Feb 14, 2009 4:32 am; edited 1 time in total |
|
|
|
| Posted: Sat Feb 14, 2009 4:29 am |
|
|
| devilsson2010 |
| Regular user |
|
|
| Joined: Feb 13, 2009 |
| Posts: 5 |
|
|
|
|
|
|
|
Alternatively, could someone give me the name of the fastest salted SHA-1 cracker? I was looking at the Extreme GPU Bruteforcer but I'm not buying anything.
I realize it'll take for freaking ever to crack, like to the end of time, since I'm pretty sure it's 13 characters alphanumeric with special characters.
By the way John the Ripper is too slow on Salted SHA-1, but what isn't... |
|
|
|
|
| Posted: Sat Feb 14, 2009 5:24 am |
|
|
| slsl |
| Advanced user |
|
|
| Joined: Oct 14, 2008 |
| Posts: 66 |
|
|
|
|
|
|
|
You would probably have better luck just asking the guy for the password do you know what the salting method was?
NVM didnt read full post sorry
but im guessing JTR would be your best bet |
|
Last edited by slsl on Sat Feb 14, 2009 5:28 am; edited 1 time in total |
|
|
|
|
|
|
|
| Posted: Sat Feb 14, 2009 5:28 am |
|
|
| devilsson2010 |
| Regular user |
|
|
| Joined: Feb 13, 2009 |
| Posts: 5 |
|
|
|
|
|
|
|
I do know that you can make Macs use an NTLM hash if you turn on Windows File Sharing. But the bad news is that to turn it on for any account, you need that account's password so it's kind of useless in this situation.
| slsl wrote: | | You would probably have better luck just asking the guy for the password |
Yea that won't work, they know what I'll do with it and won't tell me ;(
The only thing I can think of to do is to have them enter it for whatever reason, and either keylog it or see what keys I can get then generate everything around it.
Example:
If I see them enter FOEY***HJ**BD, where the * are keys I didn't see, then I just need to generate a list for those 5 missing characters, which is 93^5, or 6,956,883,693.
Still a lot less than 93^13.
| slsl wrote: | | but im guessing JTR would be your best bet |
Sad face... |
|
|
|
|
|
|
|
|
| Posted: Sat Feb 14, 2009 5:36 am |
|
|
| slsl |
| Advanced user |
|
|
| Joined: Oct 14, 2008 |
| Posts: 66 |
|
|
|
|
|
|
|
if you know part of the password, i don't know any programs that allow partial passwords but you can try to code your own bruteforcer.
alternatively you could make a prgram to generate a split up wordlist with those letters |
|
|
|
|
| Posted: Sat Feb 14, 2009 5:40 am |
|
|
| devilsson2010 |
| Regular user |
|
|
| Joined: Feb 13, 2009 |
| Posts: 5 |
|
|
|
|
|
|
|
| slsl wrote: | | alternatively you could make a prgram to generate a split up wordlist with those letters |
Yea that's what I was going to do. Using the example above, FOEY***HJ**BD, I would do something like generate two random strings, string 1 and string 2, then output: "FOEY" + string1 + "HJ" + string2 + "BD". then pipe the output to john's stdin.
I have code from an old program I could quickly modify.
But yeah... There's still the problem of making them login and having me see them enter it. |
|
|
|
|
| Posted: Sun Feb 15, 2009 6:10 am |
|
|
| devilsson2010 |
| Regular user |
|
|
| Joined: Feb 13, 2009 |
| Posts: 5 |
|
|
|
|
|
|
|
Whoa, wtf?
Also, what does "ftell: No error" mean? |
|
|
|
|
www.waraxe.us Forum Index -> All other hashes
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 51
Members: 0
Total: 51
