 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 213
 Members: 0
 Total: 213
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
MD5 Hash Question |
|
 Posted: Thu Aug 07, 2008 8:24 am |
 |
|
| Chedda |
| Active user |
 |
|
| Joined: May 26, 2008 |
| Posts: 27 |
|
|
|
 |
|
 |
|
Well I have been using an exploit for SMF forums. It has revealed Hashes, but I have no idea what type of hash it is. It seems a bit long for just a plain MD5 hash so I am thinking there is more too it. I have tried to run it in PasswordsPro without any luck, but I am not even sure I entered it correctly. Can anyone help by telling me what type of hash I have and possibly cracking it. Any information would be helpful thanks!
| Code: |
C:\perl\perl\bin>perl smf.pl -p -u Admin -t http://www.****.net/forum
SMF Is Vulnerable!
Finding Password Hash for the Name: 'Admin'
Please Standby...
Password Hash:
1a9e202de331d17648eb07ffbe08443732582d08
This attack used 160 HTTP requests and took 1010 seconds to complete.
EOF
|
Here are the other hashes that came up under various usernames.
| Code: |
175a4a47d6aac2f736a36e69dfeba69f3b9262c2
1160bc92c9aaea04aba1fd3c929dd6d4a8ed142b
1267b4f93874a716cb6f070beaa01296e42b9a7f
|
|
|
|
|
|
|
|
|
|
| Posted: Thu Aug 07, 2008 8:43 am |
|
|
| Chedda |
| Active user |
|
|
| Joined: May 26, 2008 |
| Posts: 27 |
|
|
|
|
|
|
|
Oh I just finished reading the rest of the script and it is saying,
| Quote: |
The password hash is generated as:
sha1(strtolower() . );
|
Sadly I have no idea what that means, but I have a feeling its the answer.[/quote] |
|
|
|
|
| Posted: Thu Aug 07, 2008 9:03 am |
|
|
| oniric |
| Advanced user |
|
|
| Joined: Jul 24, 2008 |
| Posts: 65 |
|
|
|
|
|
|
|
I read the script and it exactly says:
sha1(strtolower($username) . $password);
In passwordspro there is such a scheme. It's indicated as
sha1($username.$password);
you have to set the user as the lower char conversion of the username you want to crack. |
|
|
|
|
| Posted: Thu Aug 07, 2008 9:44 am |
|
|
| Chedda |
| Active user |
|
|
| Joined: May 26, 2008 |
| Posts: 27 |
|
|
|
|
|
|
|
| oniric wrote: | I read the script and it exactly says:
sha1(strtolower($username) . $password);
In passwordspro there is such a scheme. It's indicated as
sha1($username.$password);
you have to set the user as the lower char conversion of the username you want to crack. |
Ahh thanks! I think I understand now so is this correct?
 |
|
|
|
|
| Posted: Thu Aug 07, 2008 9:49 am |
|
|
| oniric |
| Advanced user |
|
|
| Joined: Jul 24, 2008 |
| Posts: 65 |
|
|
|
|
|
|
|
| No..lowercase username.. admin |
|
|
|
|
| Posted: Fri Aug 08, 2008 8:20 am |
|
|
| Chedda |
| Active user |
|
|
| Joined: May 26, 2008 |
| Posts: 27 |
|
|
|
|
|
|
|
I can't seem to get any passwords. I even registered on a vulnerable forums and used the password 'password' just as a control and I wasn't even able to crack the hash that came with my account. If anyone has time could they please run these through for me.
Here is supposedly the format, sha1($username.$password);
username : hash
sam : 10f4665ee1de517dd38b8a7202d8b0e8036996ed
amanda : 1a9e202de331d17648eb07ffbe08443732582d08
linds : 1be24e792005794a996b642346bfdc7c1cec0949
Aus10 : 1b9e3bd58439e46cbf2c64167adf52bbb107b0f6
Lauren : 1160bc92c9aaea04aba1fd3c929dd6d4a8ed142b
If anyone could try these I would greatly appreciate it. |
|
|
|
|
| Posted: Fri Aug 08, 2008 9:11 am |
|
|
| oniric |
| Advanced user |
|
|
| Joined: Jul 24, 2008 |
| Posts: 65 |
|
|
|
|
|
|
|
| Just looked more carefully at the screenshot and you put admin as the user name but you used the hash of another user.. Which are the two versions of SMF you attacked? |
|
|
|
|
|
|
|
|
| Posted: Sat Aug 09, 2008 1:37 am |
|
|
| Chedda |
| Active user |
|
|
| Joined: May 26, 2008 |
| Posts: 27 |
|
|
|
|
|
|
|
| oniric wrote: | | Just looked more carefully at the screenshot and you put admin as the user name but you used the hash of another user.. Which are the two versions of SMF you attacked? |
I'm not 100% sure about your reply. The version I am trying to attack is SMF 1.1.3 and I am using http://www.milw0rm.com/exploits/4547. Here is basically step by step of what I did;
Run the exploit
Add the username and hash to PasswordsPro
Run PasswordsPro
Obviously I just started running PasswordsPro so I have a while until its done, but this is exactly what I did before to figure out a different hash without any luck. Should I enter the hash into the Salted box? I really have no idea and am willing to try anything. I am also new to PasswordsPro and have noticed at the bottom while its trying to crack the hash it has a box for Current password: that is constantly changing. I assume this is the current password its trying to match with the hash, but what I have noticed is the password displayed is always in capital letters is that a problem? |
|
|
|
|
|
|
|
|
| Posted: Sat Aug 09, 2008 9:12 am |
|
|
| oniric |
| Advanced user |
|
|
| Joined: Jul 24, 2008 |
| Posts: 65 |
|
|
|
|
|
|
|
You are using a Brute Force Attack, so you checking all the possible passwords in the key space generated by the character set of your choice and the desired range. Try first a dictionary attack? Do you have a good word list?
Btw, I'm going to test some of these with my wordlist. |
|
|
|
|
| Posted: Sat Aug 09, 2008 3:46 pm |
|
|
| Chedda |
| Active user |
|
|
| Joined: May 26, 2008 |
| Posts: 27 |
|
|
|
|
|
|
|
| oniric wrote: | You are using a Brute Force Attack, so you checking all the possible passwords in the key space generated by the character set of your choice and the desired range. Try first a dictionary attack? Do you have a good word list?
Btw, I'm going to test some of these with my wordlist. |
Thanks for the advice you truly are the man. I didn't have a very large wordlist, but just downloaded a 2 GB wordlist no idea how good it is. |
|
|
|
|
| Posted: Sat Aug 09, 2008 4:05 pm |
|
|
| oniric |
| Advanced user |
|
|
| Joined: Jul 24, 2008 |
| Posts: 65 |
|
|
|
|
|
|
|
| I tested the hash on my wordlists and I didn't find a collision.. |
|
|
|
|
www.waraxe.us Forum Index -> MD5 hashes
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
