Waraxe IT Security Portal
Login or Register
November 16, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 70
Members: 0
Total: 70
Full disclosure
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
4 vulnerabilities in ibmsecurity
32 vulnerabilities in IBM Security Verify Access
xlibre Xnest security advisory & bugfix releases
APPLE-SA-10-29-2024-1 Safari 18.1
SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
APPLE-SA-10-28-2024-8 visionOS 2.1
APPLE-SA-10-28-2024-7 tvOS 18.1
APPLE-SA-10-28-2024-6 watchOS 11.1
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> MD5 hashes -> hash I sniffed with cain
Post new topicReply to topic View previous topic :: View next topic
hash I sniffed with cain
PostPosted: Fri Dec 04, 2009 4:14 am Reply with quote
helpme
Regular user
Regular user
Joined: Dec 04, 2009
Posts: 7




Someone was logging into a vbulletin site. here is the hash

f921807556526c2de12544727aa82725


One thing I do not understand. I own a vbulletion site, and can look at the hash in the database. The hash I sniff when I log in does not match. Is the one I sniff just regular md5 and the one in the db salted?

Either way, the one above was caught on the network. If someone can crack it, I'll pay!
View user's profile Send private message
PostPosted: Fri Dec 04, 2009 6:26 am Reply with quote
helpme
Regular user
Regular user
Joined: Dec 04, 2009
Posts: 7




Another question = if I think I know part of the password, what would be the best method to try and see? Seems the more info I have the faster this should go..
View user's profile Send private message
PostPosted: Sat Dec 05, 2009 11:09 pm Reply with quote
helpme
Regular user
Regular user
Joined: Dec 04, 2009
Posts: 7




ttt
View user's profile Send private message
PostPosted: Sun Dec 06, 2009 2:09 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




From what piece of HTTP request is this hash? GET parameter? POST parameter? Cookie? Can you provide whole original HTTP request?
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Sun Dec 06, 2009 11:05 pm Reply with quote
helpme
Regular user
Regular user
Joined: Dec 04, 2009
Posts: 7




I don't have the entire packet. That is just what CAIN picks up each time the users visits a specific vbulletin forum. Pretty sure it is just an MD5.

I believe the vBulletin passwords in the vBulletin db are the ones that are salted, but one like this that is only used during login is regular MD5.

Please help if you can. I will pay you if that is needed.
View user's profile Send private message
PostPosted: Sun Dec 06, 2009 11:09 pm Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




You do need the salt to crack that hash. The hash you picked up is the salted one. It ain't a regular md5 hash.
View user's profile Send private message
PostPosted: Sun Dec 06, 2009 11:22 pm Reply with quote
helpme
Regular user
Regular user
Joined: Dec 04, 2009
Posts: 7




vince213333 wrote:
You do need the salt to crack that hash. The hash you picked up is the salted one. It ain't a regular md5 hash.


So the one from the DB is the one that isn't salted?
View user's profile Send private message
PostPosted: Sun Dec 06, 2009 11:30 pm Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




They're both salted, that's the point of having a salt. If you enter a password and press the login button, your password is hashes with that salt and if the salted hash matches the salted hash in the batabase, you get access to the forum.
View user's profile Send private message
PostPosted: Sun Dec 06, 2009 11:57 pm Reply with quote
helpme
Regular user
Regular user
Joined: Dec 04, 2009
Posts: 7




I know the hash can be cracked, salted or not. Someone cracked a PW for me a year or so ago, that was straight out of the vb db.

Can anyone help? How do I get the salt if that is needed?
View user's profile Send private message
PostPosted: Mon Dec 07, 2009 12:19 am Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




helpme wrote:
I know the hash can be cracked, salted or not.


Via brute forcing, it's possible.

helpme wrote:
How do I get the salt if that is needed?


Either SQL injection or direct access to the database or some other techniques.
View user's profile Send private message
PostPosted: Mon Dec 07, 2009 12:56 am Reply with quote
helpme
Regular user
Regular user
Joined: Dec 04, 2009
Posts: 7




Should the hash in the db and the one I intercept be the same? Because I have tested that and they are not.
View user's profile Send private message
PostPosted: Tue Dec 08, 2009 10:10 am Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




I don't think so. I'm not entirely sure of this but I think the one in the database is hashes another time with the vBulletin licence number.
View user's profile Send private message
hash I sniffed with cain
www.waraxe.us Forum Index -> MD5 hashes
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.059 Seconds