Hash:Salt Concept?

Posted: Sun Jun 21, 2009 10:10 am
fedor_s
Beginner
Joined: Jun 21, 2009
Posts: 3

So, I'm starting security, right? I've found a few XSS and MySQL exploits myself . . . er, but that's beside the point anyway.
I don't understand this Hash:Salt concept. How would you decode? I may be too sleepy to read up on Wikipedia, but I need something simple because I can't grasp the understanding of this.
What specifically is a hash, and what is salt? And how shall I decode the MD5 encrypted string? I'm too sleepy to explain what I know.
So, I tried to use an IPB MySQL injection script in PHP made by waraxe on my forums on localhost. So it was all successful, and I got a hash:salt returned.
But I have no idea how to decode it. Here's the hash:salt.
Hash: ead34fecf9d99e1dde4288b1f9e38c71
Salt: 'p0WU
I don't think I remember the password I put on there, but also, how do I actually use the information the script returned? I tried forging the cookie, but it doesn't log in. Can somebody tell me how I use this? Thanks
-Incredibly sleepy.

Re: Hash:Salt Concept?

Posted: Sun Jun 21, 2009 5:52 pm
brisk
Advanced user
Joined: Mar 07, 2009
Posts: 108

fedor_s wrote:
> So, I'm starting security, right? I've found a few XSS and MySQL exploits myself . . . er, but that's beside the point anyway.
> I don't understand this Hash:Salt concept. How would you decode? I may be too sleepy to read up on Wikipedia, but I need something simple because I can't grasp the understanding of this.
> What specifically is a hash, and what is salt? And how shall I decode the MD5 encrypted string? I'm too sleepy to explain what I know.
> So, I tried to use an IPB MySQL injection script in PHP made by waraxe on my forums on localhost. So it was all successful, and I got a hash:salt returned.
> But I have no idea how to decode it. Here's the hash:salt.
> Hash: ead34fecf9d99e1dde4288b1f9e38c71
> Salt: 'p0WU
> I don't think I remember the password I put on there, but also, how do I actually use the information the script returned? I tried forging the cookie, but it doesn't log in. Can somebody tell me how I use this? Thanks
> -Incredibly sleepy.

ead34fecf9d99e1dde4288b1f9e38c71 = Piss

Posted: Sun Jun 21, 2009 6:01 pm
tomzor
Regular user
Joined: Jun 20, 2009
Posts: 18
Location: unknown??

Nice, nice.
A few questions: which program did you use?
'Cause I am using PasswordsPro
and used this way for IPB:
md5(md5($salt).md5($pass))
'cause it was an IPB 2.3.5,
but it will take hours before it is done...
So could you tell me how you did it that fast?
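
Added example, not part of any post in this thread and not IPB's own code: a Python rendering of the md5(md5($salt).md5($pass)) construction quoted above, showing that a salted hash is checked by recomputing it rather than decoding it, and how a stored value can be wrapped in PBKDF2 so that each check costs far more than three MD5 calls. The function names, the sample password and salts, and the 600,000-round work factor are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumed work factor; tune to the server's hardware


def php_md5(text):
    # PHP's md5() returns 32 lowercase hex characters; mirror that here.
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ipb_legacy_hash(password, salt):
    # md5(md5($salt).md5($pass)): the two hex digests are concatenated, then hashed.
    return php_md5(php_md5(salt) + php_md5(password))


def verify_legacy(password, salt, stored_hex):
    # Nothing is decoded: the candidate is re-hashed with the stored salt
    # and the two digests are compared in constant time.
    candidate = ipb_legacy_hash(password, salt)
    return hmac.compare_digest(candidate.encode(), stored_hex.encode())


def wrap_legacy(stored_hex, rounds=PBKDF2_ROUNDS):
    # Upgrade an existing row without knowing the password: feed the legacy
    # hex digest through PBKDF2-HMAC-SHA256 with a fresh random 16-byte salt.
    kdf_salt = os.urandom(16)
    wrapped = hashlib.pbkdf2_hmac("sha256", stored_hex.encode(), kdf_salt, rounds)
    return kdf_salt, wrapped


def verify_wrapped(password, salt, kdf_salt, wrapped, rounds=PBKDF2_ROUNDS):
    # Login path after the upgrade: legacy hash first, then the slow KDF.
    legacy = ipb_legacy_hash(password, salt)
    candidate = hashlib.pbkdf2_hmac("sha256", legacy.encode(), kdf_salt, rounds)
    return hmac.compare_digest(candidate, wrapped)


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    pw, salt_a, salt_b = "correct horse", "aB3$x", "Zq9!k"
    h_a, h_b = ipb_legacy_hash(pw, salt_a), ipb_legacy_hash(pw, salt_b)
    print("same password, different salts differ:", h_a != h_b)
    print("legacy verify:", verify_legacy(pw, salt_a, h_a))
    kdf_salt, wrapped = wrap_legacy(h_a)
    print("wrapped verify:", verify_wrapped(pw, salt_a, kdf_salt, wrapped))
```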

Posted: Sun Jun 21, 2009 7:06 pm
brisk
Advanced user
Joined: Mar 07, 2009
Posts: 108

tomzor wrote:
> Nice, nice.
> A few questions: which program did you use?
> 'Cause I am using PasswordsPro
> and used this way for IPB:
> md5(md5($salt).md5($pass))
> 'cause it was an IPB 2.3.5,
> but it will take hours before it is done...
> So could you tell me how you did it that fast?

I'm using PasswordsPro as well, but I've used a dictionary to find the pass.
http://www.insidepro.com/eng/download.shtml
Get InsidePro (Big)

Posted: Sun Jun 21, 2009 7:26 pm
fedor_s
Beginner
Joined: Jun 21, 2009
Posts: 3

Alright, so I see my only option is brute-forcing or cookie forging. If cookie forging is possible how would I do this?
IPB Version: 2.3.5

Posted: Sun Jun 21, 2009 8:18 pm
brisk
Advanced user
Joined: Mar 07, 2009
Posts: 108

fedor_s wrote:
> Alright, so I see my only option is brute-forcing or cookie forging. If cookie forging is possible how would I do this?
> IPB Version: 2.3.5

I think you need to spoof cookies by hash and user's ID...
I'm not sure though, I have never done that in IPB.

Posted: Mon Jun 22, 2009 12:17 am
fedor_s
Beginner
Joined: Jun 21, 2009
Posts: 3

brisk wrote:
> fedor_s wrote:
>> Alright, so I see my only option is brute-forcing or cookie forging. If cookie forging is possible how would I do this?
>> IPB Version: 2.3.5
>
> I think you need to spoof cookies by hash and user's ID...
> I'm not sure though, I have never done that in IPB.

Yeah, I did that, but it does not log in for me.
Just for reference.