Waraxe IT Security Portal
Login or Register
November 22, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 83
Members: 0
Total: 83
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> All other hashes -> IPB MD5.Salt Problem
Post new topicReply to topic View previous topic :: View next topic
IPB MD5.Salt Problem
PostPosted: Thu Apr 22, 2010 8:32 am Reply with quote
abackdoor
Regular user
Regular user
Joined: Apr 22, 2010
Posts: 5




Alright guys, I'm creating an IPB hash cracker in PHP right now. I have a strong server to do the work; once I finish the Alpha, I will convert over to a CUDA GUI and will be sure to release it. But the problem I am having...

Password is: Q2XjhY32w5!e$AwP
Salt is: |ad5=
Hash is: 034345178623d00ef1dd2f3ad966a633

Code:
<?php
$salt = '|ad5=';
$new_pass = 'Q2XjhY32w5!e$AwP';
echo md5( md5($salt) . md5( $new_pass ) );
?>


Gives me a hash output of:
d971880f5186faddf4415f1e37384e1e

No match!

I am aware that $ is in the password, and in PHP, could be treated as a variable. So when I use "" instead of '' I still get a different hash output; but then, what parameters would I use for when I allow a user to submit a password and salt (for adding to the database to crack), because we don't know if the user is going to have a $ in any of the inputs.

Can somebody get the hash to match appropriately, and help me out please?

Cheers. Smile
View user's profile Send private message
PostPosted: Thu Apr 22, 2010 11:31 am Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




For now, I can explain the use of ' and " in programming languages Smile

If you use a string between single quotes, the string is stored as it's written. On the other hand, if you use double quotes, the string will be interpreted. So any variables in the string will be replaced by it's value.

Example:

$string = 'value';
echo 'first: $string'; -> first: $string
echo "second: $string"; -> second: value
View user's profile Send private message
PostPosted: Thu Apr 22, 2010 11:45 pm Reply with quote
abackdoor
Regular user
Regular user
Joined: Apr 22, 2010
Posts: 5




vince213333 wrote:
For now, I can explain the use of ' and " in programming languages Smile

If you use a string between single quotes, the string is stored as it's written. On the other hand, if you use double quotes, the string will be interpreted. So any variables in the string will be replaced by it's value.

Example:

$string = 'value';
echo 'first: $string'; -> first: $string
echo "second: $string"; -> second: value


Sorry my English is not well and I am needing to translate this.
So if I understand you correctly, '' should be used in my case; but when it is, the output is still different from the output in the database.

Thank you.
View user's profile Send private message
PostPosted: Fri Apr 23, 2010 7:42 am Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




No. You should use '. Because then the $ will be kept Smile
View user's profile Send private message
PostPosted: Fri Apr 23, 2010 10:44 pm Reply with quote
abackdoor
Regular user
Regular user
Joined: Apr 22, 2010
Posts: 5




vince213333 wrote:
No. You should use '. Because then the $ will be kept Smile


I am using ' ' . This is my code:

Code:
<?php
$salt = '|ad5=';
$new_pass = 'Q2XjhY32w5!e$AwP';
echo md5( md5($salt) . md5( $new_pass ) );
?>


However, the hash output SHOULD BE 034345178623d00ef1dd2f3ad966a633.
I feel hopeless. Sad And, I appreciate your help. Smile
View user's profile Send private message
PostPosted: Sat Apr 24, 2010 3:41 am Reply with quote
nubcake
Regular user
Regular user
Joined: Oct 02, 2008
Posts: 20




Code:

<?php
$salt = "|ad5=";
$new_pass = "Q2XjhY32w5!e$AwP";
echo md5( md5( $salt ) . md5( $new_pass ) );
?>

i tried it with " instead of ' (you should only use ' for variables from what i know).

got the following:
3b27c4425fd18cf26894e05dec158802
View user's profile Send private message
PostPosted: Sat Apr 24, 2010 10:10 am Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




I've tried the password from your first post.

But according to passwordspro, 034345178623d00ef1dd2f3ad966a633:|ad5= isn't the hash:salt of the password Q2XjhY32w5!e$AwP.
View user's profile Send private message
PostPosted: Sat Apr 24, 2010 5:13 pm Reply with quote
abackdoor
Regular user
Regular user
Joined: Apr 22, 2010
Posts: 5




vince213333 wrote:
I've tried the password from your first post.

But according to passwordspro, 034345178623d00ef1dd2f3ad966a633:|ad5= isn't the hash:salt of the password Q2XjhY32w5!e$AwP.


Did you do it double md5'ed in PW_Pro?

md5( md5($salt) . md5( $new_pass ) );
View user's profile Send private message
PostPosted: Sat Apr 24, 2010 7:09 pm Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




I think i'm well aware of the algorithm of IPB Smile
View user's profile Send private message
PostPosted: Sat Apr 24, 2010 7:36 pm Reply with quote
abackdoor
Regular user
Regular user
Joined: Apr 22, 2010
Posts: 5




vince213333 wrote:
I think i'm well aware of the algorithm of IPB Smile


Yeah, I just opened up Passwords Pro and I played around with creating a few users in my IPB database with the value of $ in the password. The hash output is always different when $ is used.

Either md5(md5($salt).md5($pass)) does something to character $ when used in PHP, or, IPB does something when a special character like $ is inputted.

I'll look deeper into this, if anybody figures something out help would be appreciated; thankx! Very Happy
View user's profile Send private message
IPB MD5.Salt Problem
www.waraxe.us Forum Index -> All other hashes
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.047 Seconds