Waraxe IT Security Portal
Login or Register
November 22, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 47
Members: 0
Total: 47
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> MD5 hashes -> Rainbow Crack Goto page Previous1, 2, 3 ... 12, 13, 14
Post new topicReply to topic View previous topic :: View next topic
PostPosted: Sun Feb 18, 2007 9:39 am Reply with quote
raoul_duke
Beginner
Beginner
Joined: Feb 12, 2007
Posts: 3




I missed this thread, i've been trying to crack this for a couple of weeks now with no joy. I'd appreciate it if someone with the means to unencrypt it could give it a try for me:

54723778e6667ca722233bc79572f808
View user's profile Send private message
PostPosted: Sat Mar 31, 2007 2:59 pm Reply with quote
Tw1stedL0gic
Regular user
Regular user
Joined: Mar 31, 2007
Posts: 11




Hi,
Sorry to just come along and request a crack, but could someone be kind enough to crack these md5 hashes?

184d1f185c679e6068802db6404179f1

be08cffb8a9d6e0a59e0f581409d0526

d30508fe29f1e7af18653527281b5cbc


Thanks very much. Very Happy
View user's profile Send private message
PostPosted: Sun Apr 01, 2007 1:10 pm Reply with quote
Tw1stedL0gic
Regular user
Regular user
Joined: Mar 31, 2007
Posts: 11




Ok, it looks like this forum isn't too active!

I've now created 5 rainbow tables and making more.
The thing that worries me is the fact that my calculator software say's I'll only have 0.08% success!!!
Here's my settings:

MD5
loweralpha-numeric
length: 5-9
Chain Len: 2100
Chain Count: 8,000,000

This is the setting recommended in the tutorial. Is this going to work?
If not can someone recommend a setting for finding an alphanumeric MD5 password, HDD space is not an issue, but time is. I'd like each table to take under 24 hours, a week in total.

THANK YOU for ANY help!!!
View user's profile Send private message
PostPosted: Mon Apr 02, 2007 11:09 pm Reply with quote
Chb
Valuable expert
Valuable expert
Joined: Jul 23, 2005
Posts: 206
Location: Germany




Hm, maybe are five tables just too few? Wink But I do not know if 0.08% are right... I do not think, that you will have a lot of success with your tables generated in one week. RT's need time to generate. That's a fact. But therefor searching for hashes will go faster.

And by the way, this forum can be active. But in my humble opinion it just sucks if one-poster come here to get there damn hashes cracked. :p

_________________
www.der-chb.de
View user's profile Send private message Visit poster's website ICQ Number
PostPosted: Tue Apr 03, 2007 3:25 am Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




I tried those three hashes against couple of Rainbow tables:

[a-z] {1,9}
[a-z0-9]{1,8}
{a-zA-Z0-9]{1,7}

and some more, and result is zero! So those are very good password's hashes or there is salting used Smile


Tw1stedL0gic wrote:
Ok, it looks like this forum isn't too active!

I've now created 5 rainbow tables and making more.
The thing that worries me is the fact that my calculator software say's I'll only have 0.08% success!!!
Here's my settings:

MD5
loweralpha-numeric
length: 5-9
Chain Len: 2100
Chain Count: 8,000,000

This is the setting recommended in the tutorial. Is this going to work?
If not can someone recommend a setting for finding an alphanumeric MD5 password, HDD space is not an issue, but time is. I'd like each table to take under 24 hours, a week in total.

THANK YOU for ANY help!!!
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Tue Apr 24, 2007 7:30 pm Reply with quote
Tw1stedL0gic
Regular user
Regular user
Joined: Mar 31, 2007
Posts: 11




waraxe wrote:
I tried those three hashes against couple of Rainbow tables:

[a-z] {1,9}
[a-z0-9]{1,8}
{a-zA-Z0-9]{1,7}

and some more, and result is zero! So those are very good password's hashes or there is salting used Smile


Tw1stedL0gic wrote:
Ok, it looks like this forum isn't too active!

I've now created 5 rainbow tables and making more.
The thing that worries me is the fact that my calculator software say's I'll only have 0.08% success!!!
Here's my settings:

MD5
loweralpha-numeric
length: 5-9
Chain Len: 2100
Chain Count: 8,000,000

This is the setting recommended in the tutorial. Is this going to work?
If not can someone recommend a setting for finding an alphanumeric MD5 password, HDD space is not an issue, but time is. I'd like each table to take under 24 hours, a week in total.

THANK YOU for ANY help!!!



Thanks for the help!
Dunno if salting was used. They were generated by an OSCommerce system.

Actually, the passwords are stored like this:

184d1f185c679e6068802db6404179f1:a4

be08cffb8a9d6e0a59e0f581409d0526:b9

d30508fe29f1e7af18653527281b5cbc:c9

Notice the colon followed by another two characters. What are these? I don't recognise this system.
View user's profile Send private message
PostPosted: Wed Apr 25, 2007 12:11 pm Reply with quote
Chb
Valuable expert
Valuable expert
Joined: Jul 23, 2005
Posts: 206
Location: Germany




Tw1stedL0gic: Looks like some kind of salting. *g*

_________________
www.der-chb.de
View user's profile Send private message Visit poster's website ICQ Number
PostPosted: Wed Apr 25, 2007 1:15 pm Reply with quote
Tw1stedL0gic
Regular user
Regular user
Joined: Mar 31, 2007
Posts: 11




Chb wrote:
Tw1stedL0gic: Looks like some kind of salting. *g*


I'm new to salting, so forgive me if i'm being naive, but if I get my hands on the source of the PHP login script, can the salting be reversed, or is it irreversible?
View user's profile Send private message
PostPosted: Wed Apr 25, 2007 2:10 pm Reply with quote
Chb
Valuable expert
Valuable expert
Joined: Jul 23, 2005
Posts: 206
Location: Germany




Tw1stedL0gic: This is depending of the algorithm which has been used. In most cases it is irreversible (what means, you can still crack it, but with more work and time needed to crack).

_________________
www.der-chb.de
View user's profile Send private message Visit poster's website ICQ Number
PostPosted: Wed Apr 25, 2007 9:14 pm Reply with quote
Tw1stedL0gic
Regular user
Regular user
Joined: Mar 31, 2007
Posts: 11




Chb wrote:
Tw1stedL0gic: This is depending of the algorithm which has been used. In most cases it is irreversible (what means, you can still crack it, but with more work and time needed to crack).


Well I have all the time in the world.
Can anyone point me in the direction of information on salting?
I can probably acces the PHP script which salted the password if that helps.

It appears that older versions of osCommerce has an admin login page (osc now relies on HTAccess protected directories)
View user's profile Send private message
PostPosted: Wed Apr 25, 2007 10:41 pm Reply with quote
ToXiC
Moderator
Moderator
Joined: Dec 01, 2004
Posts: 181
Location: Cyprus




Tw1stedL0gic wrote:
Chb wrote:
Tw1stedL0gic: This is depending of the algorithm which has been used. In most cases it is irreversible (what means, you can still crack it, but with more work and time needed to crack).


Code:
I just copied and paste the tool i have on md5this.com
You may find it interesting


Well I have all the time in the world.
Can anyone point me in the direction of information on salting?
I can probably acces the PHP script which salted the password if that helps.

It appears that older versions of osCommerce has an admin login page (osc now relies on HTAccess protected directories)




Due to increased interest for salted Md5's over the last months, the Md5This Team would like to share the small tool we created to recover salted Md5 passwords (commonly used nowadays in web applications and forums - e.g. VBulletinBoard and InvisionPowerBoard).

The tool has just been created so bare with us. Feedback appreciated. It's been written in java to maintain platform independency. We are planning to improve it and also write it in C in order to improve it's speed.

Currently it's not supporting brute force attacks only dictionary (the dictionary will have to be provided by you). We have already uploaded a couple of wordlists (a small one of 3MB and a big one of 200MB in case you need one to get started). You will need to install JRE (Java Runtime Environment - get the latest one from http://java.sun.com/javase/downloads if you don't have one installed already) on your pc in order to run it like any other application created in java.
Installation:

Download, unzip and run Md5This Tool jar file.


Usage: (simple explanation)

A. Choose your usage from the Method selection box before starting:

1. Md5 method is the traditional Md5 algorithm for passwords hashed once. Salt not needed. A valid Md5 string needs to be provided in the Md5 text box in order to get a result if this method is selected.
2. E107 method is a password hashed twice. For example a password "hello" would hash to "5d41402abc4b2a76b9719d911017c592" and then "5d41402abc4b2a76b9719d911017c592" is hashed to "69a329523ce1ec88bf63061863d9cb14" . Salt not needed. A valid Md5 string needs to be provided in the Md5 text box in order to get a result is this method is selected.
3. VBulletin method is a password "hello" hashed to "5d41402abc4b2a76b9719d911017c592", then add a salt "testsalt" to "5d41402abc4b2a76b9719d911017c592" which will form "5d41402abc4b2a76b9719d911017c592testsalt" and then this string hashed to "b9a8f3032597bc73d564a6c846787f5b". A valid Md5 string and a salt (which you have already found by some means!--Not taking questions on this, one it's your responsibility) needs to be provided in the Md5 text box in order to get a result if this method is selected.
4. InvisionPowerBoard method is a password "hello" hashed to "5d41402abc4b2a76b9719d911017c592", then a salt "testsalt" hashed to "315240c61218a4a861ec949166a85ef0" and the "315240c61218a4a861ec949166a85ef05d41402abc4b2a76b9719d911017c592" hashes hashed to Md5 hash "74223e0c12d03f63572265bca9588dd9". A valid Md5 string and a salt (which you have already found by some means!--Not taking questions on this, one it's your responsibility) needs to be provided in the Md5 text box in order to get a result if this method is selected.

B. Enter a valid Md5 hash in the md5 text box and a salt (if needed - according to the method selected--see above.)

C. Press the Get Wordlist & Start button, navigate to your wordlist and select it. You will get a message with the approximate time the application will take to scan through the entire list according to the size of the wordlist. Differend processor configurations though will result to different timings. The time is computed according to the PC on which it was tested but there shouldn't be a big difference for wordlists smaller than 200MB. The application might look like it's not responding during execution time but it's actually working very fast that's why it happens (look on your task manager and you will see it's actually running!). If your password is found the application will stop and display your password in plaintext, otherwise it will scan the entire wordlist and display a "--not found--" message in the password field.

Furthermore, an Md5 simple calculator is provided at the bottom for convenience.


Tool Download Link:

http://www.md5this.com/bYMd5ThiS.rar
A small wordlist (the one used by Cain&Abel):

http://www.md5this.com/Wordlist.zip

a bigger wordlist will be uploaded soon. [/code]

_________________
who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com
View user's profile Send private message Visit poster's website MSN Messenger
PostPosted: Wed Apr 25, 2007 10:47 pm Reply with quote
Tw1stedL0gic
Regular user
Regular user
Joined: Mar 31, 2007
Posts: 11




Sounds good, it appears that salting is the new thing.
But can it help me???!!!

I will pay whoever solves my password problem!
please PM me if you want to work on it. I'll sort you $50 if you nail it.
View user's profile Send private message
PostPosted: Thu Apr 26, 2007 11:53 pm Reply with quote
Tw1stedL0gic
Regular user
Regular user
Joined: Mar 31, 2007
Posts: 11




I've got my hands on the salting function:
Code:

function tep_encrypt_password($plain) {
$password = '';

for ($i=0; $i<10; $i++) {
$password .= tep_rand();
}

$salt = substr(md5($password), 0, 2);

$password = md5($salt . $plain) . ':' . $salt;

return $password;
}



Can anyone help me crack this?
View user's profile Send private message
PostPosted: Sat Aug 04, 2007 11:59 am Reply with quote
LuCiFeR
Beginner
Beginner
Joined: Aug 04, 2007
Posts: 2




Ok i have this one: bf7572452df0ddbc81d71df0556a95d4...
Can you give me some program vich can do it fast?

Thx
View user's profile Send private message
PostPosted: Sun Aug 05, 2007 7:29 am Reply with quote
1337
Regular user
Regular user
Joined: Jul 11, 2007
Posts: 6




c0d8c08896bc748af58af0573583a952
View user's profile Send private message
Rainbow Crack
www.waraxe.us Forum Index -> MD5 hashes
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 14 of 14
Goto page Previous1, 2, 3 ... 12, 13, 14
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.046 Seconds