|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 62
Members: 0
Total: 62
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
IPB |
|
Posted: Wed Jan 09, 2008 3:43 am |
|
|
lmaoqwerty |
Regular user |
|
|
Joined: Jan 06, 2008 |
Posts: 11 |
|
|
|
|
|
|
|
I don't know if I'm doing this right.
I are confused.
Invision Power Board v2.1.6
-lmaoqwerty |
|
|
|
|
Posted: Wed Jan 09, 2008 6:56 am |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
Decrypt hash+salt and try to login as admin. |
|
|
|
|
Posted: Wed Jan 09, 2008 8:09 am |
|
|
lmaoqwerty |
Regular user |
|
|
Joined: Jan 06, 2008 |
Posts: 11 |
|
|
|
|
|
|
|
If im not mistaken, the hash already contains the salt inside it?
Let's say his password is hightime and the salt is ++xs
The hash would be ++xshightime?
This would make a dictionary attack useless. Therefore it must be brute forced. However, this would take incredibly long. Any ideas? |
|
|
|
|
Posted: Wed Jan 09, 2008 9:15 am |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
lmaoqwerty wrote: | If im not mistaken, the hash already contains the salt inside it?
Let's say his password is hightime and the salt is ++xs
The hash would be ++xshightime?
This would make a dictionary attack useless. Therefore it must be brute forced. However, this would take incredibly long. Any ideas? |
This is mistake.
username:633ef3c966a6aa823dafbe1fbcbd:+gzO?
username:hash:salt |
|
|
|
|
Posted: Wed Jan 09, 2008 11:36 am |
|
|
lmaoqwerty |
Regular user |
|
|
Joined: Jan 06, 2008 |
Posts: 11 |
|
|
|
|
|
|
|
Can you prove to me that it is in fact md5pass_hash + salt?
I was pretty sure it was hash = pass+salt |
|
|
|
|
Posted: Wed Jan 09, 2008 11:42 am |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
md5(md5($salt).md5($pass)) [PHP] - used with IPB 2.x.x.
Look on your pics dude.Special on last one.
Get data from column: converge_pass_salt
Returned data:................................ |
|
|
|
|
Posted: Wed Jan 09, 2008 3:48 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
hash:633ef3c9d66a6aa323dafbelfbcbd
salt:+gzO?
I tried PasswordsPro with wordlists and bruteforce methods and got nothing ... so far ... |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|