Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
December 2, 2023
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 493
Members: 0
Total: 493
PacketStorm News
·301 Moved Permanently

read more...
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Newbies corner -> Salt+md5 --> md5 --> plain text?
Post new topic  Reply to topic View previous topic :: View next topic 
Salt+md5 --> md5 --> plain text?
PostPosted: Sun Apr 02, 2006 2:20 pm Reply with quote
Vixje
Active user
Active user
 
Joined: Mar 25, 2006
Posts: 35




Hi,

I have a db of a ipb 2.0+ forum. This forum uses salted hashes. Are these still "crackable" ?

For example i will give you one with a easy password:

INSERT INTO ibf_members_converge (converge_id, converge_email, converge_joined, converge_pass_hash, converge_pass_salt) VALUES('60882','sum@mailaddress.com','1139136008','9c584e88e8db016b867978c4c226c442','<`!G`');

How to un-salt it?
View user's profile Send private message
PostPosted: Thu Apr 13, 2006 3:24 am Reply with quote
Indiction
Regular user
Regular user
 
Joined: Apr 12, 2006
Posts: 11




Yes, you can crack salted hashes but its much harder.

First you must cryptanalyze the MD5 hash and determine its reverse. Now bear in mind that a salted md5 function is as follows:

md5(x ? c)

where x = the cleartext, c = the salt and ? = the mathematical operation.
Say this is equal to the value 00000000000000000000000000000000 (just for kicks), and we add the salt.

md5(x + c) = 00000000000000000000000000000000

Now what we must do is solve for x.

md5^-1(md5(x+c)) = md5^-1(00000000000000000000000000000000)
x+c = md5^-1(00000000000000000000000000000000)
x = md5^-1(00000000000000000000000000000000) - c

Where md5^-1 = a reverse of the message digest 5 algorithm.
I believe this is how you retrieve the cleartext; you must first find the reverse of the MD5, then undo the salt operation in order to get the password. Bear in mind you cannot give salted cleartext because if you do, the salt will be applied again and the MD5 will be incorrect.

I believe, and correct me if I'm wrong, this is the way to retrieve passwords from a salted hash.
View user's profile Send private message
PostPosted: Fri Apr 14, 2006 3:57 am Reply with quote
Vixje
Active user
Active user
 
Joined: Mar 25, 2006
Posts: 35




Thanks a lot. I managed to reverse some already.
View user's profile Send private message
PostPosted: Tue Apr 18, 2006 11:54 am Reply with quote
beastyarny
Regular user
Regular user
 
Joined: Apr 18, 2006
Posts: 5
Location: Russia




you can use this program http://www.insidepro.com/eng/passwordspro.shtml it supports salt md5 hashes also
View user's profile Send private message
md5($salt . $plain)
PostPosted: Wed May 10, 2006 10:01 pm Reply with quote
client
Beginner
Beginner
 
Joined: May 10, 2006
Posts: 3




// This funstion validates a plain text password with an
// encrpyted password
function tep_validate_password($plain, $encrypted) {
if (tep_not_null($plain) && tep_not_null($encrypted)) {
// split apart the hash / salt
$stack = explode(':', $encrypted);

if (sizeof($stack) != 2) return false;

if (md5($stack[1] . $plain) == $stack[0]) {
return true;
}
}

return false;
}



315099fd1bb6ebdffb4144afa625f210:bb
016d5992130db7b74bad9dde1b35d1e0:be
Can anyone reverse this from me?
Is this the right way:
For 315099fd1bb6ebdffb4144afa625f210:bb to put "bb" in front of every word in my wordlist ?
Is this the only way ?
View user's profile Send private message
Re: md5($salt . $plain)
PostPosted: Thu May 11, 2006 12:09 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




client wrote:

315099fd1bb6ebdffb4144afa625f210:bb
016d5992130db7b74bad9dde1b35d1e0:be
Can anyone reverse this from me?
Is this the right way:
For 315099fd1bb6ebdffb4144afa625f210:bb to put "bb" in front of every word in my wordlist ?
Is this the only way ?


Yes, you are right, just concatenate salt to all the passwords in wordlist.

http://www.waraxe.us/ftopic-269-days0-orderasc-135.html
View user's profile Send private message Send e-mail Visit poster's website
Salt+md5 --> md5 --> plain text?
  www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"
Page Generation: 0.145 Seconds