Waraxe Forums - Using PasswordPRO tool on a phpbb password.

Lordbug · Beginner

I happen to come across a phpbb database and I am looking into using Password PRO to crack the salted password.

I am a total noob at using this program obviously.. lol someone help me out here?

So I click add user.

Username:
Hash:
Salt HMAC KEY:

these are the fields in passwordpro.

Those fields in phpbb db correspond to these tables?

Username: username_clean
Hash: user_password
Salt: user_forum_salt

All within phpbb_users, and the type of brute-force-attack will be md5(md5($salt).md5($pass)) [php]

?

Im confused as to which fields to enter, and if its SHA-1 or md5... etc etc... Like when you click edit user or add user the fields to enter.

Help a script kiddie trying to learn out? Thanx fellas.

The salted phpbb3 pass im trying to crack is:

$H$9I.amYKBS3AzHmtF4H98V.KhZSL6T9.

lenny · Valuable expert

Don't be a script kiddie.

However, given that you are asking nicely (and didn't speak in 1337speak) I will make an exception to my moral code Wink

Ok, So in PassPro add a new hash to the list (Edit -> add).
In the "Type of Hash" field select "MD5(phpBB3)" (Simple, eh?)
Enter the username, hashed password and salt and run the brute-forcer.

You *need* the salt, or it wont work... and you *need* a good rainbow table or wordlist in order to break it, otherwise a streight brute-force attack may take a very long time Smile