|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 83
Members: 0
Total: 83
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
IPB MD5.Salt Problem |
|
Posted: Thu Apr 22, 2010 8:32 am |
|
|
abackdoor |
Regular user |
|
|
Joined: Apr 22, 2010 |
Posts: 5 |
|
|
|
|
|
|
|
Alright guys, I'm creating an IPB hash cracker in PHP right now. I have a strong server to do the work; once I finish the Alpha, I will convert over to a CUDA GUI and will be sure to release it. But the problem I am having...
Password is: Q2XjhY32w5!e$AwP
Salt is: |ad5=
Hash is: 034345178623d00ef1dd2f3ad966a633
Code: | <?php
$salt = '|ad5=';
$new_pass = 'Q2XjhY32w5!e$AwP';
echo md5( md5($salt) . md5( $new_pass ) );
?> |
Gives me a hash output of:
d971880f5186faddf4415f1e37384e1e
No match!
I am aware that $ is in the password, and in PHP, could be treated as a variable. So when I use "" instead of '' I still get a different hash output; but then, what parameters would I use for when I allow a user to submit a password and salt (for adding to the database to crack), because we don't know if the user is going to have a $ in any of the inputs.
Can somebody get the hash to match appropriately, and help me out please?
Cheers. |
|
|
|
|
|
|
|
|
Posted: Thu Apr 22, 2010 11:31 am |
|
|
vince213333 |
Advanced user |
|
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
|
|
|
|
For now, I can explain the use of ' and " in programming languages
If you use a string between single quotes, the string is stored as it's written. On the other hand, if you use double quotes, the string will be interpreted. So any variables in the string will be replaced by it's value.
Example:
$string = 'value';
echo 'first: $string'; -> first: $string
echo "second: $string"; -> second: value |
|
|
|
|
|
|
|
|
Posted: Thu Apr 22, 2010 11:45 pm |
|
|
abackdoor |
Regular user |
|
|
Joined: Apr 22, 2010 |
Posts: 5 |
|
|
|
|
|
|
|
vince213333 wrote: | For now, I can explain the use of ' and " in programming languages
If you use a string between single quotes, the string is stored as it's written. On the other hand, if you use double quotes, the string will be interpreted. So any variables in the string will be replaced by it's value.
Example:
$string = 'value';
echo 'first: $string'; -> first: $string
echo "second: $string"; -> second: value |
Sorry my English is not well and I am needing to translate this.
So if I understand you correctly, '' should be used in my case; but when it is, the output is still different from the output in the database.
Thank you. |
|
|
|
|
Posted: Fri Apr 23, 2010 7:42 am |
|
|
vince213333 |
Advanced user |
|
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
|
|
|
|
No. You should use '. Because then the $ will be kept |
|
|
|
|
Posted: Fri Apr 23, 2010 10:44 pm |
|
|
abackdoor |
Regular user |
|
|
Joined: Apr 22, 2010 |
Posts: 5 |
|
|
|
|
|
|
|
vince213333 wrote: | No. You should use '. Because then the $ will be kept |
I am using ' ' . This is my code:
Code: | <?php
$salt = '|ad5=';
$new_pass = 'Q2XjhY32w5!e$AwP';
echo md5( md5($salt) . md5( $new_pass ) );
?> |
However, the hash output SHOULD BE 034345178623d00ef1dd2f3ad966a633.
I feel hopeless. And, I appreciate your help. |
|
|
|
|
Posted: Sat Apr 24, 2010 3:41 am |
|
|
nubcake |
Regular user |
|
|
Joined: Oct 02, 2008 |
Posts: 20 |
|
|
|
|
|
|
|
Code: |
<?php
$salt = "|ad5=";
$new_pass = "Q2XjhY32w5!e$AwP";
echo md5( md5( $salt ) . md5( $new_pass ) );
?>
|
i tried it with " instead of ' (you should only use ' for variables from what i know).
got the following:
3b27c4425fd18cf26894e05dec158802 |
|
|
|
|
Posted: Sat Apr 24, 2010 10:10 am |
|
|
vince213333 |
Advanced user |
|
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
|
|
|
|
I've tried the password from your first post.
But according to passwordspro, 034345178623d00ef1dd2f3ad966a633:|ad5= isn't the hash:salt of the password Q2XjhY32w5!e$AwP. |
|
|
|
|
Posted: Sat Apr 24, 2010 5:13 pm |
|
|
abackdoor |
Regular user |
|
|
Joined: Apr 22, 2010 |
Posts: 5 |
|
|
|
|
|
|
|
vince213333 wrote: | I've tried the password from your first post.
But according to passwordspro, 034345178623d00ef1dd2f3ad966a633:|ad5= isn't the hash:salt of the password Q2XjhY32w5!e$AwP. |
Did you do it double md5'ed in PW_Pro?
md5( md5($salt) . md5( $new_pass ) ); |
|
|
|
|
Posted: Sat Apr 24, 2010 7:09 pm |
|
|
vince213333 |
Advanced user |
|
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
|
|
|
|
I think i'm well aware of the algorithm of IPB |
|
|
|
|
Posted: Sat Apr 24, 2010 7:36 pm |
|
|
abackdoor |
Regular user |
|
|
Joined: Apr 22, 2010 |
Posts: 5 |
|
|
|
|
|
|
|
vince213333 wrote: | I think i'm well aware of the algorithm of IPB |
Yeah, I just opened up Passwords Pro and I played around with creating a few users in my IPB database with the value of $ in the password. The hash output is always different when $ is used.
Either md5(md5($salt).md5($pass)) does something to character $ when used in PHP, or, IPB does something when a special character like $ is inputted.
I'll look deeper into this, if anybody figures something out help would be appreciated; thankx! |
|
|
|
|
www.waraxe.us Forum Index -> All other hashes
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|