 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
Help please. |
 |
 Posted: Fri Aug 01, 2008 11:53 am |
 |
|
| MrHax |
| Regular user |
 |
|
| Joined: Aug 01, 2008 |
| Posts: 6 |
|
|
|
 |
|
 |
|
Can someone crack the following Md5 -
'#21', 'b2ad4e05576b31040b8803d5744ef779', 'IrTehSex@gmail.com', '0', '0', '0', '', '', '1180300920', '1217257782', '1217195758', '1', '-28800', '', '', 'Elite_Cheating_21@hotmail.com', 'b:0;'); |
|
|
|
|
| Posted: Fri Aug 01, 2008 11:54 am |
|
|
| lenny |
| Valuable expert |
 |
|
| Joined: May 15, 2008 |
| Posts: 275 |
|
|
|
|
|
|
|
I take it thats the output of an SQL injection attack? What are you looking for? Email+password combinations?
Ill give it a go  |
|
|
|
|
| Posted: Fri Aug 01, 2008 12:34 pm |
|
|
| MrHax |
| Regular user |
|
|
| Joined: Aug 01, 2008 |
| Posts: 6 |
|
|
|
|
|
|
|
| I just need the password I got the database through a SQL Injection through the Shoutbox. If you get the password, i'll let you have the db (50k+ threads and 15k+ members) with all the passwords. |
|
|
|
|
| Posted: Fri Aug 01, 2008 3:51 pm |
|
|
| lenny |
| Valuable expert |
|
|
| Joined: May 15, 2008 |
| Posts: 275 |
|
|
|
|
|
|
|
Ok, thats a good deal. I'll do what I can, however you will need to tell me the origin of the string you have given me. What software was it from?
Edit: Never mind, I thought i recognised the database structure Figured it out - I am running the hash through my dictionaries again now
Edit: Dictionary attack failed. I am running it through a brute force attack, but thats not due to finish for another 14 or so hours - I'll leave it running overnight tonight |
|
|
|
|
| Posted: Sat Aug 02, 2008 6:09 am |
|
|
| MrHax |
| Regular user |
|
|
| Joined: Aug 01, 2008 |
| Posts: 6 |
|
|
|
|
|
|
|
| Thanks Please get back to me asap. Its vBulletin btw. |
|
|
|
|
| Posted: Sat Aug 02, 2008 11:59 am |
|
|
| lenny |
| Valuable expert |
|
|
| Joined: May 15, 2008 |
| Posts: 275 |
|
|
|
|
|
|
|
Well I have run the hash through all my dictionaries, and through a 1-6 character brute force attack to no result. Thats one tricky hash!
I am getting the right end of the stick here: the salt *is* "b:0;" - am i right?
(edit: ps, this is my 100th post!)
Edit Edit: Bear with me, im running it through PasswordsPro again with some slight alterations |
|
|
|
|
| Posted: Sat Aug 02, 2008 11:59 pm |
|
|
| MrHax |
| Regular user |
|
|
| Joined: Aug 01, 2008 |
| Posts: 6 |
|
|
|
|
|
|
|
| I think so, im not totally sure. If you crack it, pm me the password dont post it on here, and i'll pm you back the reward. Thnx |
|
|
|
|
| Posted: Sun Aug 03, 2008 10:35 am |
|
|
| lenny |
| Valuable expert |
|
|
| Joined: May 15, 2008 |
| Posts: 275 |
|
|
|
|
|
|
|
| Ok, unfortunatley the bute force attack failed. There is no more I can do, however I managed to find the site of origin of the hash and found several other vulnerabilities in their software |
|
|
|
|
| Posted: Sun Aug 03, 2008 12:58 pm |
|
|
| MrHax |
| Regular user |
|
|
| Joined: Aug 01, 2008 |
| Posts: 6 |
|
|
|
|
|
|
|
| Can u tell me the vunerabilities? I need this urgent. |
|
|
|
|
| Posted: Sun Aug 03, 2008 1:30 pm |
|
|
| lenny |
| Valuable expert |
|
|
| Joined: May 15, 2008 |
| Posts: 275 |
|
|
|
|
|
|
|
The site uses ibProArcade v2.6.3+, which is vulnerable to exploitation through blind SQL injection.
Check out the exploit here: http://pastebin.com/m1b5ab50a
The exploit takes a while to do its stuff, so here are the results:
| Quote: | Username: #21
Password: 66d833e469f59f775b6c1b873cebe03d
Salt: 2fe
|
|
|
|
|
|
www.waraxe.us Forum Index -> All other hashes
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 47
Members: 0
Total: 47
