 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
How to Get target password's md5 hash ? |
 |
 Posted: Sat Jul 09, 2005 5:40 am |
 |
|
| kiddy |
| Regular user |
 |
|
| Joined: Jul 09, 2005 |
| Posts: 6 |
|
|
|
 |
|
 |
|
How to Get target password's md5 hash ?
I am a kiddy and don't know that sry
hope u can help |
|
|
|
|
| Posted: Sat Jul 09, 2005 6:10 am |
|
|
| diaga |
| Regular user |
|
|
| Joined: Jun 27, 2005 |
| Posts: 22 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Sat Jul 09, 2005 9:53 am |
|
|
| kiddy |
| Regular user |
|
|
| Joined: Jul 09, 2005 |
| Posts: 6 |
|
|
|
|
|
|
|
| nono i dont have the hash i must get it and dont know how |
|
|
|
|
| Posted: Sat Jul 09, 2005 9:57 am |
|
|
| diaga |
| Regular user |
|
|
| Joined: Jun 27, 2005 |
| Posts: 22 |
|
|
|
|
|
|
|
| What are you trying to extract the hash from? - usually it's stored in a sql database. If you can get your hands on a copy of the database - just look for the username and it should be somewhere around it |
|
|
|
|
| Posted: Sat Jul 09, 2005 9:59 am |
|
|
| kiddy |
| Regular user |
|
|
| Joined: Jul 09, 2005 |
| Posts: 6 |
|
|
|
|
|
|
|
| i need to get admin rights on a site+ |
|
|
|
|
| Posted: Sat Jul 09, 2005 10:48 am |
|
|
| Shadow |
| Regular user |
 |
|
| Joined: Aug 08, 2004 |
| Posts: 7 |
| Location: Where dingos eat babies |
|
|
|
|
|
|
| What are u trying to get admin in phpbb, phpnuke, postnuke or a custom made site(as they all run phpbb), does it even hash the pass, does it use sql and what version they are running? It would help if you supplied the cms you are trying to exploit you dont have to be admin to sql inject. You can also look through all the posts, If its a comon cms there probably an exploit already posted. You have to supply more than "How to Get target password's md5 hash ? " thats a pretty genral statment. Remember dont post the url of the real site. |
|
_________________
My software never has bugs. It just develops random features. |
|
|
|
| Posted: Sun Jan 01, 2006 11:09 pm |
|
|
| Horatio |
| Regular user |
|
|
| Joined: Jan 02, 2006 |
| Posts: 5 |
|
|
|
|
|
|
|
| ya I have the same question; I am trying to get the hash for a phpbb 2.08 forum but have no idea how to begin. |
|
|
|
|
| Posted: Tue Jan 03, 2006 1:03 am |
|
|
| Chb |
| Valuable expert |
 |
|
| Joined: Jul 23, 2005 |
| Posts: 206 |
| Location: Germany |
|
|
|
|
|
|
Look for a description for the word "exploiting" and then take a look in this forum for exploits for version 2.0.8. And then ask if you don't understand something. But don't ask how to do. Learning by doing.
We won't be furious if you ask how something works. But we (in any case me) would be angry if you ask HOW to do something.
You should try and see and search for information by your own.
Don't let others take your work. |
|
|
|
|
| Posted: Wed Jan 04, 2006 12:54 am |
|
|
| Horatio |
| Regular user |
|
|
| Joined: Jan 02, 2006 |
| Posts: 5 |
|
|
|
|
|
|
|
| I spent a lot of time searching the forum already; I would find links to tuts on getting the hash but the links would be dead. so ya I always use search before asking. |
|
|
|
|
| Posted: Thu Jan 19, 2006 2:20 am |
|
|
| Horatio |
| Regular user |
|
|
| Joined: Jan 02, 2006 |
| Posts: 5 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Mon Jul 03, 2006 8:21 pm |
|
|
| superninja |
| Active user |
 |
|
| Joined: Jul 03, 2006 |
| Posts: 38 |
|
|
|
|
|
|
|
WE MEAN " How can WE(bunch of kiddies  ) get the md5? " IS it somewhere is the admin forum profile or what? |
|
|
|
|
|
|
|
|
| Posted: Mon Jul 03, 2006 9:37 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| superninja wrote: | | WE MEAN " How can WE(bunch of kiddies ) get the md5? " IS it somewhere is the admin forum profile or what? |
As you can guess, password is kind of information, that anybody want's to keep in secret. Sounds logical? So, password md5 hash - it is not an password itself, but still can lead to identity theft. This means, that any program writer, any admin, any user want's to keep his password md5 hash in secret. Now let's suppose, you want to "pull out" or steal that md5 hash from some website. Cool then. It's logical that it is not an easy task (mostly) and may be even (practically) impossible in some cases.
Typical successful md5 hash stealing scenarios:
1. You have somehow access to database - maybe through other security holes.
2. You have been trusted to be admin or moderator in website and you will misuse this trust against the siteowner.
3. There is someone with experience, skills, motivation and free time, who will find ("develope", if you prefer) new security holes in some opensource software. And after that he/she will publish advisories and all the scriptkidd0z - hacking wannabes, who wants to hack something, but have not (or not yet) enough skills for creative research - can use this info for their haxing.
This is c00l, but now think about siteowners and admins - are they happy with websites defaced and hacked down? Nop, as you can guess.
So any normal webmaster and admin will patch ("repair") websites as soon as possible. If there is some new exploit, then you can "hack" as crazy few days. Then after some weeks most targets are allready hacked or patched. Even worse - worms can be developed to exploit new security holes and this kind of mass exploiting means faster patching.
So - if you find some nice-looking exploit and think to use it against some website, then probably it will not work anymore - because site is allready patched. So - you can:
a) React as fast as possible - use "0-day" sploits
b) Try against many sites and maybe you are lucky
c) Try multiple different sploits, maybe some of them will work
By the way - I suggest to learn sql injection basics and try them in real world against windows/IIS/ASP/MSSQL websites. From my personal experience I can swear, that >25% of all ASP websites are exploitable by sql injection. And this is much more fun and creative, then just running sploits, written by others.
Learning is the key - learning, patience, motivation  |
|
Last edited by waraxe on Mon Jul 03, 2006 9:44 pm; edited 1 time in total |
|
|
|
|
|
|
|
| Posted: Mon Jul 03, 2006 9:44 pm |
|
|
| superninja |
| Active user |
|
|
| Joined: Jul 03, 2006 |
| Posts: 38 |
|
|
|
|
|
|
|
ok thanks for the information , but where must WE put this sploits  |
|
|
|
|
| Posted: Mon Jul 03, 2006 9:45 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| superninja wrote: | | ok thanks for the information , but where must WE put this sploits |
It will depend. If it is written in perl, then use ActivePerl. If in php, use php. If C - use c compiler. If shell script - use linux  |
|
|
|
|
| Posted: Mon Jul 03, 2006 9:48 pm |
|
|
| superninja |
| Active user |
|
|
| Joined: Jul 03, 2006 |
| Posts: 38 |
|
|
|
|
|
|
|
| waraxe wrote: | | superninja wrote: | | ok thanks for the information , but where must WE put this sploits |
It will depend. If it is written in perl, then use ActivePerl. If in php, use php. If C - use c compiler. If shell script - use linux |
Ok i can't understand ,but i'm wondering how these (http://www.cyber-raider.com) guys continued hack forums and sites i ask to join them and they ban me  |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 2
Goto page 1, 2Next
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 96
Members: 0
Total: 96
