|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 177
Members: 0
Total: 177
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Salt+md5 --> md5 --> plain text? |
|
Posted: Sun Apr 02, 2006 2:20 pm |
|
|
Vixje |
Active user |
|
|
Joined: Mar 25, 2006 |
Posts: 35 |
|
|
|
|
|
|
|
Hi,
I have a db of a ipb 2.0+ forum. This forum uses salted hashes. Are these still "crackable" ?
For example i will give you one with a easy password:
INSERT INTO ibf_members_converge (converge_id, converge_email, converge_joined, converge_pass_hash, converge_pass_salt) VALUES('60882','sum@mailaddress.com','1139136008','9c584e88e8db016b867978c4c226c442','<`!G`');
How to un-salt it? |
|
|
|
|
|
|
|
|
Posted: Thu Apr 13, 2006 3:24 am |
|
|
Indiction |
Regular user |
|
|
Joined: Apr 12, 2006 |
Posts: 11 |
|
|
|
|
|
|
|
Yes, you can crack salted hashes but its much harder.
First you must cryptanalyze the MD5 hash and determine its reverse. Now bear in mind that a salted md5 function is as follows:
md5(x ? c)
where x = the cleartext, c = the salt and ? = the mathematical operation.
Say this is equal to the value 00000000000000000000000000000000 (just for kicks), and we add the salt.
md5(x + c) = 00000000000000000000000000000000
Now what we must do is solve for x.
md5^-1(md5(x+c)) = md5^-1(00000000000000000000000000000000)
x+c = md5^-1(00000000000000000000000000000000)
x = md5^-1(00000000000000000000000000000000) - c
Where md5^-1 = a reverse of the message digest 5 algorithm.
I believe this is how you retrieve the cleartext; you must first find the reverse of the MD5, then undo the salt operation in order to get the password. Bear in mind you cannot give salted cleartext because if you do, the salt will be applied again and the MD5 will be incorrect.
I believe, and correct me if I'm wrong, this is the way to retrieve passwords from a salted hash. |
|
|
|
|
|
|
|
|
Posted: Fri Apr 14, 2006 3:57 am |
|
|
Vixje |
Active user |
|
|
Joined: Mar 25, 2006 |
Posts: 35 |
|
|
|
|
|
|
|
Thanks a lot. I managed to reverse some already. |
|
|
|
|
Posted: Tue Apr 18, 2006 11:54 am |
|
|
beastyarny |
Regular user |
|
|
Joined: Apr 18, 2006 |
Posts: 5 |
Location: Russia |
|
|
|
|
|
|
|
|
|
|
|
md5($salt . $plain) |
|
Posted: Wed May 10, 2006 10:01 pm |
|
|
client |
Beginner |
|
|
Joined: May 10, 2006 |
Posts: 3 |
|
|
|
|
|
|
|
// This funstion validates a plain text password with an
// encrpyted password
function tep_validate_password($plain, $encrypted) {
if (tep_not_null($plain) && tep_not_null($encrypted)) {
// split apart the hash / salt
$stack = explode(':', $encrypted);
if (sizeof($stack) != 2) return false;
if (md5($stack[1] . $plain) == $stack[0]) {
return true;
}
}
return false;
}
315099fd1bb6ebdffb4144afa625f210:bb
016d5992130db7b74bad9dde1b35d1e0:be
Can anyone reverse this from me?
Is this the right way:
For 315099fd1bb6ebdffb4144afa625f210:bb to put "bb" in front of every word in my wordlist ?
Is this the only way ? |
|
|
|
|
|
Re: md5($salt . $plain) |
|
Posted: Thu May 11, 2006 12:09 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
client wrote: |
315099fd1bb6ebdffb4144afa625f210:bb
016d5992130db7b74bad9dde1b35d1e0:be
Can anyone reverse this from me?
Is this the right way:
For 315099fd1bb6ebdffb4144afa625f210:bb to put "bb" in front of every word in my wordlist ?
Is this the only way ? |
Yes, you are right, just concatenate salt to all the passwords in wordlist.
http://www.waraxe.us/ftopic-269-days0-orderasc-135.html |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|