Waraxe IT Security Portal
Login or Register
November 23, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 76
Members: 0
Total: 76
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> MD5 hashes -> Need help with salted md5 hashes
Post new topicReply to topic View previous topic :: View next topic
Need help with salted md5 hashes
PostPosted: Thu Nov 26, 2009 8:08 pm Reply with quote
Ikalou
Regular user
Regular user
Joined: Nov 26, 2009
Posts: 6
Location: France




Hi guys,

I am having issues with hundreds of salted hashes. Since they come from a Joomla-powered website, I assume these are md5($pass.$salt). Could please someone confirm me that? I've been trying to brute force them for two weeks without success so far. Maybe you guys can have a try?

29dc1cf333fe6e59adce0413083b019c:sctk5gnj0siy413y
c45f1d9fe2a03f6384856011a2c395f4:niiihcydkycar3q9
342768008fed2d0e08c28a46c25ea74c:dz3waf7nph8jpxf4
311c0a140e04d262d3f9c8a6ea78ecb1:ceewi2usddzlpfop
6e834318c397357c2103f734031300e2:giyaypkiipvoknwz
5a4b2f74d76ee563220098680c4f0a53:fjmrdlovqsrmqkoi
574a205f2b5ba0c6d4f20a57bd9ee24e:2uktmq4odttviphx
21be7f9ff7fe3d7dfbf7d2da1a698486:ry3uuwu3v6pjfktc
e6a287825bdc32e4d9310d9598e8e07f:ajq71imznomczu0a
36dd2f561ec2f4b9516f8fa1fc291a89:gzfjkjcthk7yhdyp
65bafe17d2b2a601730b2893950a8a81:zuclfrlqh5cesemm
d3ac16b0d42616c80a871665096a60e4:delbj54q27uy4sdb
7ba9aafe96b63ea92df0092f74cc80ac:3uvwg19ll6iva1li
de1f402177749c147d8217e8e4477cce:9jpvfty8zhzr1coa
2d2affc6ee1b53672ccd593dd2401264:xtrzsuixixu8zx9x
bc86c1736e34bd4e72130bd21d5d1ff3:h92i5p59nsj9uyze
26e4cf998a72c8aa450b35658d10e548:anmpq9efdj6p20cj
c220eb4ef5df2bc65ff5551f994f930b:nk6dsvwfpz8msoye
c4c517e23358379d09af6fef17ba6727:f6orksiwslmenbhr
3666564180bfbdb7cc7176e5488874cf:px119nb8yi3kpbb8
(...)

Besides, there are also two or three dozens of non-salted hashes on the same table.

aaeff3db509befd9c1365767dfbd833
1b86bb4390f7da31f57390d14aec3637
b4ecf9c7d5b464c52b1a1796b9cb75e4
4c949f155f5ffea08818a08dd2b2b4d4
0e7befb752b8058a7e80b7b8e42b5d49
36cd2a1a08155f078d6c666d1fc1fac3
b4b93bfb1836c854b375637704f35ba8
a0e5d103ab9094d156b65d1fa9cb0e44
f04d427e68d563797cb646cb90aa955c
ddda9c3cdb3c1761173ca820e3434c22
(...)

How do you explain it?

Any help, any advice of any kind would be most welcome.

Thanks, Ikalou.
View user's profile Send private message
PostPosted: Fri Nov 27, 2009 12:22 am Reply with quote
aritmos
Advanced user
Advanced user
Joined: Jul 21, 2008
Posts: 82
Location: Inside a salted MD5




aaeff3db509befd9c1365767dfbd833 Not valid MD5
1b86bb4390f7da31f57390d14aec3637:NREskR
b4ecf9c7d5b464c52b1a1796b9cb75e4:6nIFqx
0e7befb752b8058a7e80b7b8e42b5d49:vsaZBD
View user's profile Send private message
PostPosted: Fri Nov 27, 2009 10:55 am Reply with quote
Ikalou
Regular user
Regular user
Joined: Nov 26, 2009
Posts: 6
Location: France




Thanks a lot aritmos.
It appears that at least all unsalted hashes, probably all of them, are 6 chars long randomly generated passwords with mixed upper/lower case letters and numbers. I am to focus on all others unsalted hashes first.

Also, sorry for the wrong md5. It's 2aaeff3db509befd9c1365767dfbd833.

I'll keep you up.

Thanks again.
View user's profile Send private message
PostPosted: Fri Nov 27, 2009 6:09 pm Reply with quote
Ikalou
Regular user
Regular user
Joined: Nov 26, 2009
Posts: 6
Location: France




Thanks to your help, I have successfully solved all unsalted md5.

[EDIT]

Now I'm having troubles with salted ones.

The string "vsaZBD" gives "66f5e80bceded99487e04b0eb69433a4:487drwlaspx3ndlv" once salted.

And "cZgzs4" gives "e5a804412f90f979d2d74b18b7d8f885:te28dtqk8w3optwh"

I can't figure out how the salt is used. Any help please?
View user's profile Send private message
PostPosted: Sun Nov 29, 2009 7:32 pm Reply with quote
Ikalou
Regular user
Regular user
Joined: Nov 26, 2009
Posts: 6
Location: France




I tried almost all possible pass/salt combinations and found nothing Sad
Am I doing something wrong?

pass: Ifs9rM
salt: 7cvdurgdxmozr6zk
result: 2c89a803b2cb8eb6e050d0d62e737eb9:7cvdurgdxmozr6zk

You really have no idea how this salt is used?
View user's profile Send private message
PostPosted: Sun Nov 29, 2009 10:14 pm Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




Well this is how it works:

you have the actual password and the salt in 2 variables $pass and $salt for example.

Now what joomla (i assume those are joomla hashes) does it it takes the password, just appends the salt at the end. then it uses the md5 algorithm on that whole string. The outcome is the 32 character hash you have.

When you log in on a forum, the php page will calculate that hash like i described, and then it compares the hash to the hash stored in the forum database. If it matches, you're logged in Smile
View user's profile Send private message
PostPosted: Mon Nov 30, 2009 7:32 am Reply with quote
Ikalou
Regular user
Regular user
Joined: Nov 26, 2009
Posts: 6
Location: France




Thanks for your reply,

Yes, these are joomla (1.1 rc2) hashes, but seems like the salt is NOT just append to the password. Some accounts were not salted yet, probably for they never logged in after salt was handled. Passwords are 6 char long and very easy to crack... unless I can't use the salt.

For instance:
$pass = 'Ifs9rM' (I'm sure about that)
$salt = '7cvdurgdxmozr6zk'

I would expect the following:
md5($pass.$salt).':'.$salt = 'eb393054596991a4177f49a55c827e31:7cvdurgdxmozr6zk'
When the password field contains: '2c89a803b2cb8eb6e050d0d62e737eb9:7cvdurgdxmozr6zk'

I can't get it Sad

==

[EDIT] Okay, topic closed. Capitalization problem. Thanks everyone.
View user's profile Send private message
Need help with salted md5 hashes
www.waraxe.us Forum Index -> MD5 hashes
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.034 Seconds