Waraxe IT Security Portal
Login or Register
October 3, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 74
Members: 0
Total: 74
Full disclosure
SEC Consult SA-20240930-0 :: Local Privilege Escalation via MSI Installer in Nitro PDF Pro (CVE-2024-35288)
Backdoor.Win32.Benju.a / Unauthenticated Remote CommandExecution
Backdoor.Win32.Prorat.jz / Remote Stack Buffer Overflow (SEH)
Backdoor.Win32.Amatu.a / Remote Arbitrary File Write (RCE)
Backdoor.Win32.Agent.pw / Remote Stack Buffer Overflow (SEH)
Backdoor.Win32.Boiling / Remote Command Execution
Defense in depth -- the Microsoft way (part 88): a SINGLEcommand line shows about 20, 000 instances of CWE-73
SEC Consult SA-20240925-0 :: Uninstall Password Bypass in BlackBerry CylanceOPTICS Windows Installer Package (CVE-2024-35214)
Apple iOS 17.2.1 - Screen Time Passcode Retrieval (MitigationBypass)
CyberDanube Security Research 20240919-0 | Multiple Vulnerabilities in Netman204
Submit Exploit CVE-2024-42831
Stored XSS in "Edit Profile" - htmlyv2.9.9
Stored XSS in "Menu Editor" - htmlyv2.9.9
Backdoor.Win32.BlackAngel .13 / Unauthenticated Remote CommandExecution
Backdoor.Win32.CCInvader. 10 / Authentication Bypass
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Newbies corner -> Salt+md5 --> md5 --> plain text?
Post new topicReply to topic View previous topic :: View next topic
Salt+md5 --> md5 --> plain text?
PostPosted: Sun Apr 02, 2006 2:20 pm Reply with quote
Vixje
Active user
Active user
Joined: Mar 25, 2006
Posts: 35




Hi,

I have a db of a ipb 2.0+ forum. This forum uses salted hashes. Are these still "crackable" ?

For example i will give you one with a easy password:

INSERT INTO ibf_members_converge (converge_id, converge_email, converge_joined, converge_pass_hash, converge_pass_salt) VALUES('60882','sum@mailaddress.com','1139136008','9c584e88e8db016b867978c4c226c442','<`!G`');

How to un-salt it?
View user's profile Send private message
PostPosted: Thu Apr 13, 2006 3:24 am Reply with quote
Indiction
Regular user
Regular user
Joined: Apr 12, 2006
Posts: 11




Yes, you can crack salted hashes but its much harder.

First you must cryptanalyze the MD5 hash and determine its reverse. Now bear in mind that a salted md5 function is as follows:

md5(x ? c)

where x = the cleartext, c = the salt and ? = the mathematical operation.
Say this is equal to the value 00000000000000000000000000000000 (just for kicks), and we add the salt.

md5(x + c) = 00000000000000000000000000000000

Now what we must do is solve for x.

md5^-1(md5(x+c)) = md5^-1(00000000000000000000000000000000)
x+c = md5^-1(00000000000000000000000000000000)
x = md5^-1(00000000000000000000000000000000) - c

Where md5^-1 = a reverse of the message digest 5 algorithm.
I believe this is how you retrieve the cleartext; you must first find the reverse of the MD5, then undo the salt operation in order to get the password. Bear in mind you cannot give salted cleartext because if you do, the salt will be applied again and the MD5 will be incorrect.

I believe, and correct me if I'm wrong, this is the way to retrieve passwords from a salted hash.
View user's profile Send private message
PostPosted: Fri Apr 14, 2006 3:57 am Reply with quote
Vixje
Active user
Active user
Joined: Mar 25, 2006
Posts: 35




Thanks a lot. I managed to reverse some already.
View user's profile Send private message
PostPosted: Tue Apr 18, 2006 11:54 am Reply with quote
beastyarny
Regular user
Regular user
Joined: Apr 18, 2006
Posts: 5
Location: Russia




you can use this program http://www.insidepro.com/eng/passwordspro.shtml it supports salt md5 hashes also
View user's profile Send private message
md5($salt . $plain)
PostPosted: Wed May 10, 2006 10:01 pm Reply with quote
client
Beginner
Beginner
Joined: May 10, 2006
Posts: 3




// This funstion validates a plain text password with an
// encrpyted password
function tep_validate_password($plain, $encrypted) {
if (tep_not_null($plain) && tep_not_null($encrypted)) {
// split apart the hash / salt
$stack = explode(':', $encrypted);

if (sizeof($stack) != 2) return false;

if (md5($stack[1] . $plain) == $stack[0]) {
return true;
}
}

return false;
}



315099fd1bb6ebdffb4144afa625f210:bb
016d5992130db7b74bad9dde1b35d1e0:be
Can anyone reverse this from me?
Is this the right way:
For 315099fd1bb6ebdffb4144afa625f210:bb to put "bb" in front of every word in my wordlist ?
Is this the only way ?
View user's profile Send private message
Re: md5($salt . $plain)
PostPosted: Thu May 11, 2006 12:09 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




client wrote:

315099fd1bb6ebdffb4144afa625f210:bb
016d5992130db7b74bad9dde1b35d1e0:be
Can anyone reverse this from me?
Is this the right way:
For 315099fd1bb6ebdffb4144afa625f210:bb to put "bb" in front of every word in my wordlist ?
Is this the only way ?


Yes, you are right, just concatenate salt to all the passwords in wordlist.

http://www.waraxe.us/ftopic-269-days0-orderasc-135.html
View user's profile Send private message Send e-mail Visit poster's website
Salt+md5 --> md5 --> plain text?
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.052 Seconds