 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 360
 Members: 0
 Total: 360
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
md5 hashes... please explain |
|
 Posted: Thu Nov 01, 2007 5:18 am |
 |
|
| delta_one |
| Beginner |
 |
|
| Joined: Nov 01, 2007 |
| Posts: 2 |
|
|
|
 |
|
 |
|
hey, obviously I am a n00b at this, but what are md5 hashes used for that makes people want to crack them? and how do you get hold of them?  |
|
|
|
|
|
Re: md5 hashes... please explain |
|
| Posted: Thu Nov 01, 2007 8:08 am |
|
|
| ToXiC |
| Moderator |
 |
|
| Joined: Dec 01, 2004 |
| Posts: 181 |
| Location: Cyprus |
|
|
|
|
|
|
| delta_one wrote: | | hey, obviously I am a n00b at this, but what are md5 hashes used for that makes people want to crack them? and how do you get hold of them? |
i will try to explain to you is simple words.
Most of the hashes posted in here are hashes that are stored into databases of web applications.
I forgat to mention :
from google:
A hash function h is a transformation that takes a variable-size input m and returns a fixed-size string, which is called the hash value h (that is, h = H(m)). Hash functions with just this property have a variety of general computational uses, but when employed in cryptography the hash functions are usually chosen to have some additional properties.
md5 is a hash function that gets an any h value input and returns a 32 characters hex output
md5 funtion is used to "encypt" the value of the password of the users of a web app. for example :
a user register to a website and his password is stored encypted in the database so that the only one that knows it is the specific user .. NOT even the owner of the site should know it.
Now , regarding your other questions how to get it.
Most of the exploits can execute sql statements and the return value at most of the cases is an md5 hash value.
So you may get from an execution the following info
username : admin
password : 31435008693ce6976f45dedc5532e2c1
the 31435008693ce6976f45dedc5532e2c1 is the md5 of the password of the user.
md5 was made to be one way.
but with various techniques like rainbow tables / dictionary attacks / online datbases / bruteforce attack ... the value is returned to the plain value which at the the above case is
31435008693ce6976f45dedc5532e2c1 resolves to thisismypassword |
|
_________________
who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
|
|
Re: md5 hashes... please explain |
|
| Posted: Thu Nov 01, 2007 12:44 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| delta_one wrote: | | hey, obviously I am a n00b at this, but what are md5 hashes used for that makes people want to crack them? and how do you get hold of them? |
If someone hacks in to remote database or read privated files, then usernames and passwords can be considered as worthy data to be stolen. People tend to use same or similar passwords in many places and if you can get someone's password for some forum or blog, then same password can open many other "locks". Now, there were times, when passwords were stored as plain text. As for now, 21. century, most of the passwords are stored as hashes or even salted hashes. In this way, if hacker can steal your password's hash, he/she still does not know real, plain text password. But there comes better part - simple hashes can be 1) bruteforced, 2)cracked by wordlists, 3)cracked by rainbow tables.
Still i must admit, that IF password is very good, THEN hash cracking is not possible, period  |
|
|
|
|
|
|
|
|
| Posted: Fri Nov 02, 2007 7:10 am |
|
|
| delta_one |
| Beginner |
|
|
| Joined: Nov 01, 2007 |
| Posts: 2 |
|
|
|
|
|
|
|
| Thank you very much I understand what they are used for now lol and why people want them. Thanks. |
|
|
|
|
www.waraxe.us Forum Index -> Hash related information
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
