Waraxe Forums

ZiPo · Advanced user

Hi.
This is my first post here on this forum so first I want to say Hello to all of you Wink

What I would like to know is the process of cracking "salted" md5 password. I don't want you guys to do the hard work for me, I would actually love to learn
the way on how to do it.

Let's take for example Joomla Passwords.

If I understand correctly this is the "hashing" process:

1. Random generated string (32 char long) as salt.

2. Taking user password, adding salt to it, and then md5 everything together

3. Formatting given Hash into Hash:Salt format.
***************************************

Questions Wink

1. Is salt first added or is md5 first then added to the password (seems like an overkill to me)?

2. How to figure salt (way to long for brute force, or dictionary (if really is 32 char long)?

3. After adding salt to the hash and applying md5 how to figure which part of the hash is acctual salt?

I have seen that some of the guys here has cracked joomla passwords (didn't want to bother you guys over PM since this is my first post) so i know that can be done.

I have no problem with finding and cracking standard md5 hashes, but these one made me thinking Wink

Feel free to PM me if you don't want to explain process here.

Thanks in advance.

P.S. I apologize for my English, but it's not my native language.

Have Fun!

ZiPo · Advanced user

Thx, but i figured out. No need to reply, i should spend more time reading through the posts here cos it was already answered.
Thanks to waraxe Smile