Waraxe IT Security Portal

code_geass · Regular user

d59127bcb683c702370f45b2e36c1c5e
0ee144c40537f3bcbac7dd63a0e5eb03
33e51192ce08c4c37c89363a16f42b58
770b932130988309a96d629bdacabb68

just send me your paypal id but ill try your cracked pw first to see if it works

vince213333 · Advanced user

Don't post the same thing three times. It won't help.

See this thread.

rahat · Regular user

Yes,
You need to provide some additional information too, like, if its just plain MD5 hash, or its a salted hash. In case if its salted hash, then you need to provide its salt too, without salt, its VERY hard to crack it (if not impossible), and no one is gonna bother even trying to crack it. Once you provide with sufficient info, the people on waraxe forum (and on many other forums) are generous enough to help you free of charge. Smile

Check this link if you are curious about salt thingy http://en.wikipedia.org/wiki/Salt_%28cryptography%29

Ok, I'll give you some head start:
you select a passowrd "rahat" on a vBulletin site, vBulletin will generate a random salt "t#1" for it automatically, (that salt is stored in the database with final hash)

So its like:
$pass = rahat
$salt = t#1
Now, vBulletin uses md5(md5($pass).$salt) algorithm, so it will first MD5 the password, then concatenate salt with it and will MD5 the whole string again:
md5(40ca651cefb9a6bffa117f429897c5f1t#1)
So, the final hash will be: a18a5e69de842e598a89fbed1c0adfe4

Now, vBulletin uses md5(md5($pass).$salt), IP Board uses md5(md5($salt).md5($pass)), Joomla uses md5($pass.$salt) algorithm to produce their hashes and so on and so forth.

To crack such hashes, there are different techniques, http://en.wikipedia.org/wiki/Password_cracking may give you good start. I personally use PasswordPro and a 1 GB dictionary set. You can download InsidePro from http://www.insidepro.com/ for free, and they provide a very good collection of dictionary set, plus there are plenty available on the Internet.

Good luck

vince213333 · Advanced user

Rahat, if you have clicked the link in my previous post, you would've seen that those are actually vBulletin hashes so they are salted.

It's possible to crack vBulletin hashes without having a salt by performing a brute-force variant will all possible vBulletin salts. It takes some time though...

One last thing. InsidePro isn't a program. It's the name of the "company" that makes the applications they offer, like PasswordsPro or SAMInside Smile

code_geass · Regular user

wow what a helpful forum Smile

thanks for clearing things out.. here the db entry for one of the accounts im cracking.. idk about the salt thing if it's located here

INSERT INTO user VALUES('1','6','','0','ADMIN','0ee144c40537f3bcbac7dd63a0e5eb03','2009-02-03','administrator@someforum.com','0','','http://www.someforum.com','','','','','','2','2','Pwner','1','1154873640','0','1233646793','1233646793','1208622069','21','12','5','0','0','0','0','0','2135','','0000-00-00','-1','1','','0','0','0','0','-1','2','0','k[M','0','0','0','0','0','0','','0','3213.03000','0.00000','0','0','0','0','0','','','','','0','','1','1','0','0','0','','a:2:{i:0;a:4:{s:6:\"itemid\";s:2:\"42\";s:9:\"finalcost\";d:512.8885000000000218278728425502777099609375;s:8:\"dateline\";i:1208007435;s:7:\"expires\";s:1:\"0\";}i:1;a:4:{s:6:\"itemid\";s:2:\"42\";s:9:\"finalcost\";d:512.8885000000000218278728425502777099609375;s:8:\"dateline\";i:1208008363;s:7:\"expires\";s:1:\"0\";}}','','','','','','0','');

rahat · Regular user

ah, thanks vince213333 for pointing out.
I mistakenly wrote the incorrect name :p

I re-read the post of yours in that link and all there is mentioned "We need the salt too, if those are vBulletin hashes..." which didn't confirmed their being vBulleting hashes to me :p... guessing I'm dumb?

And yes its still possible to crack a salted hash without its salt, but as i mentioned in the post that its very hard to crack such a hash without its salt, the given link of wikipedia says something like:

vince213333 · Advanced user

I'd have a look at the title of the thread I referred you too Wink

And cracking without the salt doesn't take that much time if you're lucky. I've found a few without having the salt. Though I wouldn't encourage people to post hashes without the salt as it does increase the time needed to crack exponentially so to say.

And code_geass, I think the salt we're looking for is k[M.
Though I couldn't really find the matching password. Mind posting the other database records too, so I can see if I can find any of the other ones. The salt only is fine too. It's a 3 character string, somewhere in the middle of the database record.

code_geass · Regular user

code_geass · Regular user

Just wanna say sir that i dont have the whole database.. only the table for the users is at my possesion right now Very Happy

vince213333 · Advanced user

Necrowing:9a184a58f8a512e0ccda1946687690e7:ewan123
rei_kawaii:33e51192ce08c4c37c89363a16f42b58:natsumi
pedron_mapuan:3dd7fd2abeb274db3a293b062676db0c:passw0rd
ejhades:cf91b6ddcfb9e4e74787a758fae8a3a2:031084
mechengr:367a098ca9342bd8ccd4f1c0125cb1b2:1234qwer

Not cracked:
Darkjong-kun:7290d1c7d8da944d70b395f6fc340f46:|,X
trickzstyles:fa7c9d4fef3985042c4939b9b306de35:X1P
L:770b932130988309a96d629bdacabb68:zm<
k_e_i_k_u_n_1_7:94ee82ac13546da52171c84120967726:1CZ
rain16:793007f6148c9affe647343fee05a2c4:Tsk
Akodo Yuru:49b706d43ad73884c139354923f9aef7:tlg
ren:65fa78d460511dc39ad93370f25af9bc:+jO
god:08b8ed7aa6cb24d454147be6aa856679:7y[
gedrocks:7a57a8a4c075b8d893e6215e6a0513d7:wt*

code_geass · Regular user

these are the most important accounts Smile

Please crack them too if you can Very Happy

But dont push yourself Wink

code_geass · Regular user

what if i posted the whole database here? would you guys help me and crack them all? the forum im hacking is full of bullies and told our school a crap school numerous times

crazynou · Advanced user

code_geass · Regular user

code_geass · Regular user

PM me so i can send you the download link for the database maybe theyll patch this soon