 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 278
 Members: 0
 Total: 278
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Need a little guidance please... |
|
 Posted: Tue Jul 08, 2008 5:42 pm |
 |
|
| ZiPo |
| Advanced user |
 |
|
| Joined: Jul 08, 2008 |
| Posts: 86 |
|
|
|
 |
|
 |
|
Hi.
This is my first post here on this forum so first I want to say Hello to all of you 
What I would like to know is the process of cracking "salted" md5 password. I don't want you guys to do the hard work for me, I would actually love to learn
the way on how to do it.
Let's take for example Joomla Passwords.
If I understand correctly this is the "hashing" process:
1. Random generated string (32 char long) as salt.
2. Taking user password, adding salt to it, and then md5 everything together
3. Formatting given Hash into Hash:Salt format.
***************************************
Questions
1. Is salt first added or is md5 first then added to the password (seems like an overkill to me)?
2. How to figure salt (way to long for brute force, or dictionary (if really is 32 char long)?
3. After adding salt to the hash and applying md5 how to figure which part of the hash is acctual salt?
I have seen that some of the guys here has cracked joomla passwords (didn't want to bother you guys over PM since this is my first post) so i know that can be done.
I have no problem with finding and cracking standard md5 hashes, but these one made me thinking
Feel free to PM me if you don't want to explain process here.
Thanks in advance.
P.S. I apologize for my English, but it's not my native language.
Have Fun! |
|
|
|
|
|
|
|
|
| Posted: Tue Jul 08, 2008 5:53 pm |
|
|
| ZiPo |
| Advanced user |
|
|
| Joined: Jul 08, 2008 |
| Posts: 86 |
|
|
|
|
|
|
|
Thx, but i figured out. No need to reply, i should spend more time reading through the posts here cos it was already answered.
Thanks to waraxe  |
|
|
|
|
www.waraxe.us Forum Index -> All other hashes
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
