Waraxe IT Security Portal
Login or Register
November 22, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 49
Members: 0
Total: 49
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> MD5 hashes -> Can anyone crack this?
Post new topicReply to topic View previous topic :: View next topic
Can anyone crack this?
PostPosted: Mon Nov 15, 2010 3:37 am Reply with quote
jmgredskins
Regular user
Regular user
Joined: Nov 15, 2010
Posts: 10




So i payed a guy to get me a password but he only gave me a "salted hash", I have been trying to crack the hash for hours but I have no idea what im doing. If anyone here can help me out I would appreciate it.

a5c6ffeae69640058b098f699dbb043a
View user's profile Send private message Visit poster's website
PostPosted: Mon Nov 15, 2010 7:00 pm Reply with quote
Chb
Valuable expert
Valuable expert
Joined: Jul 23, 2005
Posts: 206
Location: Germany




Where did you get it from? (Software etc.)

_________________
www.der-chb.de
View user's profile Send private message Visit poster's website ICQ Number
PostPosted: Mon Nov 15, 2010 7:58 pm Reply with quote
jmgredskins
Regular user
Regular user
Joined: Nov 15, 2010
Posts: 10




An active perl exploit.
View user's profile Send private message Visit poster's website
PostPosted: Mon Nov 15, 2010 8:39 pm Reply with quote
Chb
Valuable expert
Valuable expert
Joined: Jul 23, 2005
Posts: 206
Location: Germany




Err, I meant the software using the password (e.g. bulletin boards, administration panels, etc.)

_________________
www.der-chb.de
View user's profile Send private message Visit poster's website ICQ Number
PostPosted: Mon Nov 15, 2010 9:41 pm Reply with quote
jmgredskins
Regular user
Regular user
Joined: Nov 15, 2010
Posts: 10




Oh haha, its a Vbulletin Forum

board.rapbasement.com
View user's profile Send private message Visit poster's website
PostPosted: Tue Nov 16, 2010 9:50 pm Reply with quote
jmgredskins
Regular user
Regular user
Joined: Nov 15, 2010
Posts: 10




anyone?

I will pay 200 dollars to anyone who can crack this.
View user's profile Send private message Visit poster's website
PostPosted: Tue Nov 16, 2010 10:02 pm Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




Finding the password from a salted hash without the salt is extremely time-consuming. The only option there is is to try each possible combination of 3 random characters that can act as a salt in vBulletin. A dictionary attack with a tiny dictionary might take an hour or more (very rough estimation) so imagine how hard it would be if the password is something like m1pa$$w0rd.
View user's profile Send private message
PostPosted: Wed Nov 17, 2010 4:45 am Reply with quote
jmgredskins
Regular user
Regular user
Joined: Nov 15, 2010
Posts: 10




ok ill have to look into that thanks.

also i have been messing around with programs like hashcat and password pro. i am doing a brute force attack, is it possible to get it that way or am i wasting my time.
View user's profile Send private message Visit poster's website
PostPosted: Wed Nov 17, 2010 8:28 am Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




Passwordspro isn't any good here unless you import the same hash with all possible salts.

Hashcat was originally designed for situations like this. It comes with a vBulletin.salt file that contains all possible vBulletin salts. You can put your hash in the hash list and use that salt file as a salt list. Then it'll try the hash with each salt in the salt file.
View user's profile Send private message
PostPosted: Wed Nov 17, 2010 9:24 am Reply with quote
jmgredskins
Regular user
Regular user
Joined: Nov 15, 2010
Posts: 10




Nice, Just downloaded it. I don't have a wordlist.. Does "charset" mean hash?
View user's profile Send private message Visit poster's website
PostPosted: Wed Nov 17, 2010 10:11 am Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




I suspect you downloaded the command line interface only. There's a GUI available too here.

Just search on google for some wordlists or look in the wordlists section on this forum.

Charset is the character set you define for a bruteforce attack. A charset contains all characters you want to try for a bruteforce attack.
View user's profile Send private message
PostPosted: Thu Nov 18, 2010 12:28 am Reply with quote
jmgredskins
Regular user
Regular user
Joined: Nov 15, 2010
Posts: 10




so basically i just put like every letter and every number
View user's profile Send private message Visit poster's website
PostPosted: Thu Nov 18, 2010 1:10 pm Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




the creators of hashcat already did that for you, but if you want to use passwordspro, then indeed you have to do that or extract all the salts from the vBulletin.salt file of hashcat.
View user's profile Send private message
PostPosted: Sun Nov 21, 2010 1:36 am Reply with quote
jmgredskins
Regular user
Regular user
Joined: Nov 15, 2010
Posts: 10




ok thanks for you help, i have one more question.

in this case for hashcat would i use

MD5($salt.$pass)

MD5($pass.$salt)
View user's profile Send private message Visit poster's website
PostPosted: Mon Nov 22, 2010 10:46 am Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




The password comes from a vBulletin database. vBulletin uses this encryption algo:

md5(md5(pass).salt)

Hashcat provides this as:

md5(md5($pass).$salt)
View user's profile Send private message
Can anyone crack this?
www.waraxe.us Forum Index -> MD5 hashes
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.050 Seconds