Waraxe IT Security Portal
Login or Register
November 24, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 117
Members: 0
Total: 117
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> md5 hashes...
Post new topicReply to topic View previous topic :: View next topic
md5 hashes...
PostPosted: Wed Jul 13, 2005 7:51 am Reply with quote
theOne
Regular user
Regular user
Joined: May 31, 2005
Posts: 8




Hey people!
I just tried to crack 2 hashes I got at random from two sites, i don't care to gain access to the site i'm just trying all this rainbow table stuff and seeing how md5 cracking works, setting it up etc

These two md5 hashes will NOT crack! I use rcrack and their hashes that come for testing and all 10 of them crack in less than 10 secs no problem, but for these 2 it says hex not found

Is my table too small?

The Md5 hashes are

md5 hash#1: a459cf1e32f9a6e2bcc7034b3926c449

md5 hash#2: 80fc28d856e67a8604aa446063d11be4

IF you do get the password for them, please tell me what you used / tables etc...thnx Smile
View user's profile Send private message
PostPosted: Wed Jul 13, 2005 11:34 am Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Those hashes can be salted. It depends on the source, from where you got those md5 hashes.
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Wed Jul 13, 2005 12:22 pm Reply with quote
slimjim100
Valuable expert
Valuable expert
Joined: Jun 09, 2004
Posts: 208
Location: USA




Here is one of your hashes and the other is cracking.

80fc28d856e67a8604aa446063d11be4 bequiet

As Waraxe stated that Salted hashes can only be brut forced but the hashes you submitted are normal MD5 hashes. One way to see this is that the standard MD5 hash is 32 bits long. I was able to crack the hashes with Rainbow tables from www.plain-text.info.

Slimjim100

_________________
www.anti-hacker.info
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger MSN Messenger
PostPosted: Wed Jul 13, 2005 12:38 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




slimjim100 wrote:
Here is one of your hashes and the other is cracking.

80fc28d856e67a8604aa446063d11be4 bequiet

As Waraxe stated that Salted hashes can only be brut forced but the hashes you submitted are normal MD5 hashes. One way to see this is that the standard MD5 hash is 32 bits long. I was able to crack the hashes with Rainbow tables from www.plain-text.info.

Slimjim100


Slimjim - salt can be stored elsewhere, like in database special field, and in this case salted md5 hash will look like normal md5 hash.

By the way - congrats for effective md5 cracking!
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Wed Jul 13, 2005 1:12 pm Reply with quote
theOne
Regular user
Regular user
Joined: May 31, 2005
Posts: 8




I just grabbed it from mysql, straight from mysql it's for phpbb database...maybe that's why it won't crack hehe. See I just made the accounts testing / learning how to crack md5's...guess there's lots that I don't know.

Would they be salted if they're straight from the mysql ( password ) database?

EDIT: SOrry plain-text.info i sa wrong page, you were able to crack these two hashes you said?
View user's profile Send private message
PostPosted: Wed Jul 13, 2005 2:08 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




theOne wrote:
I just grabbed it from mysql, straight from mysql it's for phpbb database...maybe that's why it won't crack hehe. See I just made the accounts testing / learning how to crack md5's...guess there's lots that I don't know.

Would they be salted if they're straight from the mysql ( password ) database?

EDIT: SOrry plain-text.info i sa wrong page, you were able to crack these two hashes you said?


Phpbb is not using md5 salting. But for example vbulletin 3.x can use salted hashes:

Code:

CREATE TABLE `user` (
`userid` int(10) unsigned NOT NULL auto_increment,
`usergroupid` smallint(5) unsigned NOT NULL default '0',
`membergroupids` char(250) NOT NULL default '',
`displaygroupid` smallint(5) unsigned NOT NULL default '0',
`username` char(50) NOT NULL default '',
`password` char(32) NOT NULL default '',
`passworddate` date NOT NULL default '0000-00-00',
`email` char(100) NOT NULL default '',
...
...
...
`pmtotal` smallint(5) unsigned NOT NULL default '0',
`pmunread` smallint(5) unsigned NOT NULL default '0',
`salt` char(3) NOT NULL default '',
PRIMARY KEY (`userid`),
KEY `usergroupid` (`usergroupid`),
KEY `username` (`username`),
KEY `birthday` (`birthday`),
KEY `birthday_search` (`birthday_search`)
) TYPE=MyISAM AUTO_INCREMENT=3 ;


As you can see, salt is stored in field called (surprise ...) "salt".
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Wed Jul 13, 2005 4:07 pm Reply with quote
slimjim100
Valuable expert
Valuable expert
Joined: Jun 09, 2004
Posts: 208
Location: USA




the One,


Your hashes where cracked with Rainbow Tables!

md5 hash#1: a459cf1e32f9a6e2bcc7034b3926c449 = reece123

md5 hash#2: 80fc28d856e67a8604aa446063d11be4 = bequiet

I think Waraxe explained the rest.

Slimjim100 Smile

_________________
www.anti-hacker.info
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger MSN Messenger
PostPosted: Thu Jul 14, 2005 2:51 am Reply with quote
theOne
Regular user
Regular user
Joined: May 31, 2005
Posts: 8




Thnx guys for yoru replies!

Slimjim can you please tell me exactly what program / script+ files you used to crack those two hashes? Why did it say "hex not found" for mine?

Please let me know exactly what you used + options, because you got the passwords correct.
View user's profile Send private message
PostPosted: Thu Jul 14, 2005 11:22 am Reply with quote
slimjim100
Valuable expert
Valuable expert
Joined: Jun 09, 2004
Posts: 208
Location: USA




theOne,

Well I have access to over 400 Gig of Rainbow Tables so I would guess your table sets are not able to handle 1-7 or 1-8 alpha-numeric password hashes. Rainbow crack is not just a little program to play with since it takes lots of time to make the tables. I am one of the Admin?s for www.plain-text.info and our team has spent over the last 2+ years building the tables we have with the help of many others. The best way to answer your question is for you to provide more information on the tables you have and them I could get an idea of why you tables could not find the hashes. Most basic sets of tables include around 5 tales and a charter set file. Feel free to e-mail me or keep posting here if you have more questions.

Slimjim100
slimjim100(at)gmail.com

_________________
www.anti-hacker.info
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger MSN Messenger
md5 crack
PostPosted: Thu Jul 14, 2005 12:17 pm Reply with quote
neo_hack
Regular user
Regular user
Joined: Jul 04, 2005
Posts: 6




Hi!
I tried to crack one md5 hash with Cain and I didn't make it.
Can you crack it ?
Hash: 3e3f62d3880114cff484a34334d0a43f
View user's profile Send private message
PostPosted: Thu Jul 14, 2005 12:46 pm Reply with quote
MrX
Regular user
Regular user
Joined: May 10, 2005
Posts: 5




slimjim100 wrote:
the One,


Your hashes where cracked with Rainbow Tables!

..cut


Slimjim100 Smile



Hi slimjim100

Can you try to crack

md5 hash#1: 0ed3d3c5989a6f72d161d5ec153740b3
md5 hash#2: c8f290f6b439929a1a1c5e62afe5e0da


i tried with mdcrack http://membres.lycos.fr/mdcrack/ but i suppose that they are 7+ length...

Thank you Wink
View user's profile Send private message
hi
PostPosted: Thu Jul 14, 2005 3:20 pm Reply with quote
alireza
Beginner
Beginner
Joined: Jul 14, 2005
Posts: 1




Can you crack it ?


MD5 hash of password is: 36a1381f064db425b595a576e4a5a962
View user's profile Send private message
PostPosted: Thu Jul 14, 2005 4:42 pm Reply with quote
theOne
Regular user
Regular user
Joined: May 31, 2005
Posts: 8




Thnx slim for your reply, i think i completely understand this hole thing now Smile I was never into md5 cracking etc, more into coding c / c++ finding vuln etc...

The table i'm using i believe is only 1 to 7 pass length ( it's about 122mbs ) took like 4hrs to make Smile

md5_loweralpha#1-7_0_2100x8000000_all.rt

I think i need one with lower / numeric and caps with a higher length than 7 to be able to get the pass for the 2 hashes I posted for the test.

I'll make more tables, i know it takes a while Razz

I added you on MSN if you don't mind, don't worry i'm not those that asks "how how how teach me" lol just so we can dicuss security Smile

Peace and thnx all for the help!
View user's profile Send private message
md5 hashes...
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.040 Seconds