IT Security and Insecurity Portal |
|
|
hash I sniffed with cain |
|
Posted: Fri Dec 04, 2009 4:14 am |
|
|
helpme |
Regular user |
|
|
Joined: Dec 04, 2009 |
Posts: 7 |
|
|
|
|
|
|
|
Someone was logging into a vBulletin site. Here is the hash:
f921807556526c2de12544727aa82725
One thing I do not understand. I own a vBulletin site, and can look at the hash in the database. The hash I sniff when I log in does not match. Is the one I sniff just regular MD5 and the one in the db salted?
Either way, the one above was caught on the network. If someone can crack it, I'll pay! |
|
|
|
|
Posted: Fri Dec 04, 2009 6:26 am |
|
|
helpme |
Regular user |
|
|
Joined: Dec 04, 2009 |
Posts: 7 |
|
|
|
|
|
|
|
Another question: if I think I know part of the password, what would be the best method to try and see? Seems the more info I have, the faster this should go. |
|
|
|
|
Posted: Sat Dec 05, 2009 11:09 pm |
|
|
helpme |
Regular user |
|
|
Joined: Dec 04, 2009 |
Posts: 7 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Dec 06, 2009 2:09 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
From what piece of the HTTP request is this hash? GET parameter? POST parameter? Cookie? Can you provide the whole original HTTP request? |
|
|
|
|
Posted: Sun Dec 06, 2009 11:05 pm |
|
|
helpme |
Regular user |
|
|
Joined: Dec 04, 2009 |
Posts: 7 |
|
|
|
|
|
|
|
I don't have the entire packet. That is just what CAIN picks up each time the user visits a specific vBulletin forum. Pretty sure it is just an MD5.
I believe the vBulletin passwords in the vBulletin db are the ones that are salted, but one like this that is only used during login is regular MD5.
Please help if you can. I will pay you if that is needed. |
|
|
|
|
Posted: Sun Dec 06, 2009 11:09 pm |
|
|
vince213333 |
Advanced user |
|
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
|
|
|
|
You do need the salt to crack that hash. The hash you picked up is the salted one. It ain't a regular md5 hash. |
|
|
|
|
Posted: Sun Dec 06, 2009 11:22 pm |
|
|
helpme |
Regular user |
|
|
Joined: Dec 04, 2009 |
Posts: 7 |
|
|
|
|
|
|
|
vince213333 wrote: | You do need the salt to crack that hash. The hash you picked up is the salted one. It ain't a regular md5 hash. |
So the one from the DB is the one that isn't salted? |
|
|
|
|
Posted: Sun Dec 06, 2009 11:30 pm |
|
|
vince213333 |
Advanced user |
|
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
|
|
|
|
They're both salted, that's the point of having a salt. If you enter a password and press the login button, your password is hashed with that salt and if the salted hash matches the salted hash in the database, you get access to the forum. |
|
|
|
|
Posted: Sun Dec 06, 2009 11:57 pm |
|
|
helpme |
Regular user |
|
|
Joined: Dec 04, 2009 |
Posts: 7 |
|
|
|
|
|
|
|
I know the hash can be cracked, salted or not. Someone cracked a PW for me a year or so ago, that was straight out of the vb db.
Can anyone help? How do I get the salt if that is needed? |
|
|
|
|
Posted: Mon Dec 07, 2009 12:19 am |
|
|
vince213333 |
Advanced user |
|
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
|
|
|
|
helpme wrote: | I know the hash can be cracked, salted or not. |
Via brute forcing, it's possible.
helpme wrote: | How do I get the salt if that is needed? |
Either SQL injection or direct access to the database or some other techniques. |
|
|
|
|
Posted: Mon Dec 07, 2009 12:56 am |
|
|
helpme |
Regular user |
|
|
Joined: Dec 04, 2009 |
Posts: 7 |
|
|
|
|
|
|
|
Should the hash in the db and the one I intercept be the same? Because I have tested that and they are not. |
|
|
|
|
Posted: Tue Dec 08, 2009 10:10 am |
|
|
vince213333 |
Advanced user |
|
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
|
|
|
|
I don't think so. I'm not entirely sure of this, but I think the one in the database is hashed another time with the vBulletin licence number. |
|
|
|
|
www.waraxe.us Forum Index -> MD5 hashes
|
All times are GMT