|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 79
Members: 0
Total: 79
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Can anyone crack this? |
|
Posted: Mon Nov 15, 2010 3:37 am |
|
|
jmgredskins |
Regular user |
|
|
Joined: Nov 15, 2010 |
Posts: 10 |
|
|
|
|
|
|
|
So i payed a guy to get me a password but he only gave me a "salted hash", I have been trying to crack the hash for hours but I have no idea what im doing. If anyone here can help me out I would appreciate it.
a5c6ffeae69640058b098f699dbb043a |
|
|
|
|
Posted: Mon Nov 15, 2010 7:00 pm |
|
|
Chb |
Valuable expert |
|
|
Joined: Jul 23, 2005 |
Posts: 206 |
Location: Germany |
|
|
|
|
|
|
Where did you get it from? (Software etc.) |
|
|
|
|
Posted: Mon Nov 15, 2010 7:58 pm |
|
|
jmgredskins |
Regular user |
|
|
Joined: Nov 15, 2010 |
Posts: 10 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Mon Nov 15, 2010 8:39 pm |
|
|
Chb |
Valuable expert |
|
|
Joined: Jul 23, 2005 |
Posts: 206 |
Location: Germany |
|
|
|
|
|
|
Err, I meant the software using the password (e.g. bulletin boards, administration panels, etc.) |
|
|
|
|
Posted: Mon Nov 15, 2010 9:41 pm |
|
|
jmgredskins |
Regular user |
|
|
Joined: Nov 15, 2010 |
Posts: 10 |
|
|
|
|
|
|
|
Oh haha, its a Vbulletin Forum
board.rapbasement.com |
|
|
|
|
Posted: Tue Nov 16, 2010 9:50 pm |
|
|
jmgredskins |
Regular user |
|
|
Joined: Nov 15, 2010 |
Posts: 10 |
|
|
|
|
|
|
|
anyone?
I will pay 200 dollars to anyone who can crack this. |
|
|
|
|
Posted: Tue Nov 16, 2010 10:02 pm |
|
|
vince213333 |
Advanced user |
|
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
|
|
|
|
Finding the password from a salted hash without the salt is extremely time-consuming. The only option there is is to try each possible combination of 3 random characters that can act as a salt in vBulletin. A dictionary attack with a tiny dictionary might take an hour or more (very rough estimation) so imagine how hard it would be if the password is something like m1pa$$w0rd. |
|
|
|
|
Posted: Wed Nov 17, 2010 4:45 am |
|
|
jmgredskins |
Regular user |
|
|
Joined: Nov 15, 2010 |
Posts: 10 |
|
|
|
|
|
|
|
ok ill have to look into that thanks.
also i have been messing around with programs like hashcat and password pro. i am doing a brute force attack, is it possible to get it that way or am i wasting my time. |
|
|
|
|
Posted: Wed Nov 17, 2010 8:28 am |
|
|
vince213333 |
Advanced user |
|
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
|
|
|
|
Passwordspro isn't any good here unless you import the same hash with all possible salts.
Hashcat was originally designed for situations like this. It comes with a vBulletin.salt file that contains all possible vBulletin salts. You can put your hash in the hash list and use that salt file as a salt list. Then it'll try the hash with each salt in the salt file. |
|
|
|
|
Posted: Wed Nov 17, 2010 9:24 am |
|
|
jmgredskins |
Regular user |
|
|
Joined: Nov 15, 2010 |
Posts: 10 |
|
|
|
|
|
|
|
Nice, Just downloaded it. I don't have a wordlist.. Does "charset" mean hash? |
|
|
|
|
Posted: Wed Nov 17, 2010 10:11 am |
|
|
vince213333 |
Advanced user |
|
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
|
|
|
|
I suspect you downloaded the command line interface only. There's a GUI available too here.
Just search on google for some wordlists or look in the wordlists section on this forum.
Charset is the character set you define for a bruteforce attack. A charset contains all characters you want to try for a bruteforce attack. |
|
|
|
|
Posted: Thu Nov 18, 2010 12:28 am |
|
|
jmgredskins |
Regular user |
|
|
Joined: Nov 15, 2010 |
Posts: 10 |
|
|
|
|
|
|
|
so basically i just put like every letter and every number |
|
|
|
|
Posted: Thu Nov 18, 2010 1:10 pm |
|
|
vince213333 |
Advanced user |
|
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
|
|
|
|
the creators of hashcat already did that for you, but if you want to use passwordspro, then indeed you have to do that or extract all the salts from the vBulletin.salt file of hashcat. |
|
|
|
|
Posted: Sun Nov 21, 2010 1:36 am |
|
|
jmgredskins |
Regular user |
|
|
Joined: Nov 15, 2010 |
Posts: 10 |
|
|
|
|
|
|
|
ok thanks for you help, i have one more question.
in this case for hashcat would i use
MD5($salt.$pass)
MD5($pass.$salt) |
|
|
|
|
Posted: Mon Nov 22, 2010 10:46 am |
|
|
vince213333 |
Advanced user |
|
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
|
|
|
|
The password comes from a vBulletin database. vBulletin uses this encryption algo:
md5(md5(pass).salt)
Hashcat provides this as:
md5(md5($pass).$salt) |
|
|
|
|
www.waraxe.us Forum Index -> MD5 hashes
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|