Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
November 18, 2019
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 393
Members: 0
Total: 393
PacketStorm News
Currently there is a problem with headlines from this site
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> How to Get target password's md5 hash ? Goto page 1, 2  Next
Post new topic  Reply to topic View previous topic :: View next topic 
How to Get target password's md5 hash ?
PostPosted: Sat Jul 09, 2005 5:40 am Reply with quote
kiddy
Regular user
Regular user
 
Joined: Jul 09, 2005
Posts: 6




How to Get target password's md5 hash ?
I am a kiddy and don't know that sry
hope u can help
View user's profile Send private message
PostPosted: Sat Jul 09, 2005 6:10 am Reply with quote
diaga
Regular user
Regular user
 
Joined: Jun 27, 2005
Posts: 22




You mean you have a hash and want to decypt it?... it's a hash, not doable.

The only possibility is brute force, see http://www.antsight.com/zsl/rainbowcrack/
View user's profile Send private message
PostPosted: Sat Jul 09, 2005 9:53 am Reply with quote
kiddy
Regular user
Regular user
 
Joined: Jul 09, 2005
Posts: 6




nono i dont have the hash i must get it and dont know how
View user's profile Send private message
PostPosted: Sat Jul 09, 2005 9:57 am Reply with quote
diaga
Regular user
Regular user
 
Joined: Jun 27, 2005
Posts: 22




What are you trying to extract the hash from? - usually it's stored in a sql database. If you can get your hands on a copy of the database - just look for the username and it should be somewhere around it
View user's profile Send private message
PostPosted: Sat Jul 09, 2005 9:59 am Reply with quote
kiddy
Regular user
Regular user
 
Joined: Jul 09, 2005
Posts: 6




i need to get admin rights on a site+
View user's profile Send private message
PostPosted: Sat Jul 09, 2005 10:48 am Reply with quote
Shadow
Regular user
Regular user
 
Joined: Aug 08, 2004
Posts: 7
Location: Where dingos eat babies




What are u trying to get admin in phpbb, phpnuke, postnuke or a custom made site(as they all run phpbb), does it even hash the pass, does it use sql and what version they are running? It would help if you supplied the cms you are trying to exploit you dont have to be admin to sql inject. You can also look through all the posts, If its a comon cms there probably an exploit already posted. You have to supply more than "How to Get target password's md5 hash ? " thats a pretty genral statment. Remember dont post the url of the real site.

_________________
My software never has bugs. It just develops random features.
View user's profile Send private message
PostPosted: Sun Jan 01, 2006 11:09 pm Reply with quote
Horatio
Regular user
Regular user
 
Joined: Jan 02, 2006
Posts: 5




ya I have the same question; I am trying to get the hash for a phpbb 2.08 forum but have no idea how to begin.
View user's profile Send private message
PostPosted: Tue Jan 03, 2006 1:03 am Reply with quote
Chb
Valuable expert
Valuable expert
 
Joined: Jul 23, 2005
Posts: 206
Location: Germany




Look for a description for the word "exploiting" and then take a look in this forum for exploits for version 2.0.8. And then ask if you don't understand something. But don't ask how to do. Learning by doing.

We won't be furious if you ask how something works. But we (in any case me) would be angry if you ask HOW to do something.
You should try and see and search for information by your own.
Don't let others take your work.

_________________
www.der-chb.de
View user's profile Send private message Visit poster's website ICQ Number
PostPosted: Wed Jan 04, 2006 12:54 am Reply with quote
Horatio
Regular user
Regular user
 
Joined: Jan 02, 2006
Posts: 5




I spent a lot of time searching the forum already; I would find links to tuts on getting the hash but the links would be dead. so ya I always use search before asking.
View user's profile Send private message
PostPosted: Thu Jan 19, 2006 2:20 am Reply with quote
Horatio
Regular user
Regular user
 
Joined: Jan 02, 2006
Posts: 5




help
View user's profile Send private message
PostPosted: Mon Jul 03, 2006 8:21 pm Reply with quote
superninja
Active user
Active user
 
Joined: Jul 03, 2006
Posts: 38




WE MEAN " How can WE(bunch of kiddies Razz) get the md5? " IS it somewhere is the admin forum profile or what?
View user's profile Send private message
PostPosted: Mon Jul 03, 2006 9:37 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




superninja wrote:
WE MEAN " How can WE(bunch of kiddies Razz) get the md5? " IS it somewhere is the admin forum profile or what?


As you can guess, password is kind of information, that anybody want's to keep in secret. Sounds logical? So, password md5 hash - it is not an password itself, but still can lead to identity theft. This means, that any program writer, any admin, any user want's to keep his password md5 hash in secret. Now let's suppose, you want to "pull out" or steal that md5 hash from some website. Cool then. It's logical that it is not an easy task (mostly) and may be even (practically) impossible in some cases.

Typical successful md5 hash stealing scenarios:

1. You have somehow access to database - maybe through other security holes.
2. You have been trusted to be admin or moderator in website and you will misuse this trust against the siteowner.
3. There is someone with experience, skills, motivation and free time, who will find ("develope", if you prefer) new security holes in some opensource software. And after that he/she will publish advisories and all the scriptkidd0z - hacking wannabes, who wants to hack something, but have not (or not yet) enough skills for creative research - can use this info for their haxing.
This is c00l, but now think about siteowners and admins - are they happy with websites defaced and hacked down? Nop, as you can guess.
So any normal webmaster and admin will patch ("repair") websites as soon as possible. If there is some new exploit, then you can "hack" as crazy few days. Then after some weeks most targets are allready hacked or patched. Even worse - worms can be developed to exploit new security holes and this kind of mass exploiting means faster patching.
So - if you find some nice-looking exploit and think to use it against some website, then probably it will not work anymore - because site is allready patched. So - you can:
a) React as fast as possible - use "0-day" sploits
b) Try against many sites and maybe you are lucky
c) Try multiple different sploits, maybe some of them will work

By the way - I suggest to learn sql injection basics and try them in real world against windows/IIS/ASP/MSSQL websites. From my personal experience I can swear, that >25% of all ASP websites are exploitable by sql injection. And this is much more fun and creative, then just running sploits, written by others.

Learning is the key - learning, patience, motivation Very Happy


Last edited by waraxe on Mon Jul 03, 2006 9:44 pm; edited 1 time in total
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Mon Jul 03, 2006 9:44 pm Reply with quote
superninja
Active user
Active user
 
Joined: Jul 03, 2006
Posts: 38




ok thanks for the information , but where must WE put this sploits Embarassed
View user's profile Send private message
PostPosted: Mon Jul 03, 2006 9:45 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




superninja wrote:
ok thanks for the information , but where must WE put this sploits Embarassed


It will depend. If it is written in perl, then use ActivePerl. If in php, use php. If C - use c compiler. If shell script - use linux Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Mon Jul 03, 2006 9:48 pm Reply with quote
superninja
Active user
Active user
 
Joined: Jul 03, 2006
Posts: 38




waraxe wrote:
superninja wrote:
ok thanks for the information , but where must WE put this sploits Embarassed


It will depend. If it is written in perl, then use ActivePerl. If in php, use php. If C - use c compiler. If shell script - use linux Smile

Ok i can't understand ,but i'm wondering how these (http://www.cyber-raider.com) guys continued hack forums and sites Smile i ask to join them and they ban me Rolling Eyes
View user's profile Send private message
How to Get target password's md5 hash ?
  www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 2  
Goto page 1, 2  Next
  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






Hardware reviews
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"
Page Generation: 0.068 Seconds