Waraxe IT Security Portal
Login or Register
November 23, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 57
Members: 0
Total: 57
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> How to Get target password's md5 hash ? Goto page 1, 2Next
Post new topicReply to topic View previous topic :: View next topic
How to Get target password's md5 hash ?
PostPosted: Sat Jul 09, 2005 5:40 am Reply with quote
kiddy
Regular user
Regular user
Joined: Jul 09, 2005
Posts: 6




How to Get target password's md5 hash ?
I am a kiddy and don't know that sry
hope u can help
View user's profile Send private message
PostPosted: Sat Jul 09, 2005 6:10 am Reply with quote
diaga
Regular user
Regular user
Joined: Jun 27, 2005
Posts: 22




You mean you have a hash and want to decypt it?... it's a hash, not doable.

The only possibility is brute force, see http://www.antsight.com/zsl/rainbowcrack/
View user's profile Send private message
PostPosted: Sat Jul 09, 2005 9:53 am Reply with quote
kiddy
Regular user
Regular user
Joined: Jul 09, 2005
Posts: 6




nono i dont have the hash i must get it and dont know how
View user's profile Send private message
PostPosted: Sat Jul 09, 2005 9:57 am Reply with quote
diaga
Regular user
Regular user
Joined: Jun 27, 2005
Posts: 22




What are you trying to extract the hash from? - usually it's stored in a sql database. If you can get your hands on a copy of the database - just look for the username and it should be somewhere around it
View user's profile Send private message
PostPosted: Sat Jul 09, 2005 9:59 am Reply with quote
kiddy
Regular user
Regular user
Joined: Jul 09, 2005
Posts: 6




i need to get admin rights on a site+
View user's profile Send private message
PostPosted: Sat Jul 09, 2005 10:48 am Reply with quote
Shadow
Regular user
Regular user
Joined: Aug 08, 2004
Posts: 7
Location: Where dingos eat babies




What are u trying to get admin in phpbb, phpnuke, postnuke or a custom made site(as they all run phpbb), does it even hash the pass, does it use sql and what version they are running? It would help if you supplied the cms you are trying to exploit you dont have to be admin to sql inject. You can also look through all the posts, If its a comon cms there probably an exploit already posted. You have to supply more than "How to Get target password's md5 hash ? " thats a pretty genral statment. Remember dont post the url of the real site.

_________________
My software never has bugs. It just develops random features.
View user's profile Send private message
PostPosted: Sun Jan 01, 2006 11:09 pm Reply with quote
Horatio
Regular user
Regular user
Joined: Jan 02, 2006
Posts: 5




ya I have the same question; I am trying to get the hash for a phpbb 2.08 forum but have no idea how to begin.
View user's profile Send private message
PostPosted: Tue Jan 03, 2006 1:03 am Reply with quote
Chb
Valuable expert
Valuable expert
Joined: Jul 23, 2005
Posts: 206
Location: Germany




Look for a description for the word "exploiting" and then take a look in this forum for exploits for version 2.0.8. And then ask if you don't understand something. But don't ask how to do. Learning by doing.

We won't be furious if you ask how something works. But we (in any case me) would be angry if you ask HOW to do something.
You should try and see and search for information by your own.
Don't let others take your work.

_________________
www.der-chb.de
View user's profile Send private message Visit poster's website ICQ Number
PostPosted: Wed Jan 04, 2006 12:54 am Reply with quote
Horatio
Regular user
Regular user
Joined: Jan 02, 2006
Posts: 5




I spent a lot of time searching the forum already; I would find links to tuts on getting the hash but the links would be dead. so ya I always use search before asking.
View user's profile Send private message
PostPosted: Thu Jan 19, 2006 2:20 am Reply with quote
Horatio
Regular user
Regular user
Joined: Jan 02, 2006
Posts: 5




help
View user's profile Send private message
PostPosted: Mon Jul 03, 2006 8:21 pm Reply with quote
superninja
Active user
Active user
Joined: Jul 03, 2006
Posts: 38




WE MEAN " How can WE(bunch of kiddies Razz) get the md5? " IS it somewhere is the admin forum profile or what?
View user's profile Send private message
PostPosted: Mon Jul 03, 2006 9:37 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




superninja wrote:
WE MEAN " How can WE(bunch of kiddies Razz) get the md5? " IS it somewhere is the admin forum profile or what?


As you can guess, password is kind of information, that anybody want's to keep in secret. Sounds logical? So, password md5 hash - it is not an password itself, but still can lead to identity theft. This means, that any program writer, any admin, any user want's to keep his password md5 hash in secret. Now let's suppose, you want to "pull out" or steal that md5 hash from some website. Cool then. It's logical that it is not an easy task (mostly) and may be even (practically) impossible in some cases.

Typical successful md5 hash stealing scenarios:

1. You have somehow access to database - maybe through other security holes.
2. You have been trusted to be admin or moderator in website and you will misuse this trust against the siteowner.
3. There is someone with experience, skills, motivation and free time, who will find ("develope", if you prefer) new security holes in some opensource software. And after that he/she will publish advisories and all the scriptkidd0z - hacking wannabes, who wants to hack something, but have not (or not yet) enough skills for creative research - can use this info for their haxing.
This is c00l, but now think about siteowners and admins - are they happy with websites defaced and hacked down? Nop, as you can guess.
So any normal webmaster and admin will patch ("repair") websites as soon as possible. If there is some new exploit, then you can "hack" as crazy few days. Then after some weeks most targets are allready hacked or patched. Even worse - worms can be developed to exploit new security holes and this kind of mass exploiting means faster patching.
So - if you find some nice-looking exploit and think to use it against some website, then probably it will not work anymore - because site is allready patched. So - you can:
a) React as fast as possible - use "0-day" sploits
b) Try against many sites and maybe you are lucky
c) Try multiple different sploits, maybe some of them will work

By the way - I suggest to learn sql injection basics and try them in real world against windows/IIS/ASP/MSSQL websites. From my personal experience I can swear, that >25% of all ASP websites are exploitable by sql injection. And this is much more fun and creative, then just running sploits, written by others.

Learning is the key - learning, patience, motivation Very Happy


Last edited by waraxe on Mon Jul 03, 2006 9:44 pm; edited 1 time in total
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Mon Jul 03, 2006 9:44 pm Reply with quote
superninja
Active user
Active user
Joined: Jul 03, 2006
Posts: 38




ok thanks for the information , but where must WE put this sploits Embarassed
View user's profile Send private message
PostPosted: Mon Jul 03, 2006 9:45 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




superninja wrote:
ok thanks for the information , but where must WE put this sploits Embarassed


It will depend. If it is written in perl, then use ActivePerl. If in php, use php. If C - use c compiler. If shell script - use linux Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Mon Jul 03, 2006 9:48 pm Reply with quote
superninja
Active user
Active user
Joined: Jul 03, 2006
Posts: 38




waraxe wrote:
superninja wrote:
ok thanks for the information , but where must WE put this sploits Embarassed


It will depend. If it is written in perl, then use ActivePerl. If in php, use php. If C - use c compiler. If shell script - use linux Smile

Ok i can't understand ,but i'm wondering how these (http://www.cyber-raider.com) guys continued hack forums and sites Smile i ask to join them and they ban me Rolling Eyes
View user's profile Send private message
How to Get target password's md5 hash ?
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 2
Goto page 1, 2Next
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.037 Seconds