Members Online
Total Online: 41 Web Spiders: 14
Guests Online: 37
Members Online: 4
Registered Members: 70199 Newest Member: deeznuts
|
View Thread
| Author |
RE: Kind Of Encryption... |
n3w7yp3
Member
Posts: 358
Location: USA
Joined: 19.03.05
Rank: Mad User |
|
Thats a line from a *nix /etc/shadow file. the username is anon. The password hash is $1$0ABI89fK$kWD1ScwvpFouOaNSg8P1U/ . Thats a salted MD5 hash (you can tell because it starts with "$1". dump it into john the ripper. shouldn't take too long to crack, if you havea good CPU.
BTW, I got bored and cracked it. output is below:
[root@localhost run]# ./john -w:/home/n3w7yp3/hacking/tools/labs/crypto/words ~n3w7yp3/hacking/hbh-hash
Loaded 1 password (FreeBSD MD5 [32/32])
guesses: 0 time: 0:00:00:04 3% c/s: 7743 trying: anabrotic
anonymous (anon)
guesses: 1 time: 0:00:00:04 100% c/s: 8919 trying: anonymous
[root@localhost run]#
"Root is a state of mind" -- K0resh
Edited by n3w7yp3 on 25-11-05 15:45 |
|
| Author |
RE: Kind Of Encryption... |
n3w7yp3
Member
Posts: 358
Location: USA
Joined: 19.03.05
Rank: Mad User |
|
The salt is a set of characters thats used as an offset to start the permutations.
The difference between a salrted hash and a clean hash are quite obviosu. Consider the following:
[n3w7yp3@localhost crypto]$ ./md5-hash.pl
Usage: ./md5-hash.pl <string>
String is the string to encrypt with MD5.
[n3w7yp3@localhost crypto]$ ./md5-hash.pl n3w7yp3
Encrypting 'n3w7yp3' with MD5...
Your MD5 hexadecimal hash is: e9f5a3b1250837c83e4b9f4bdf0e4714
[n3w7yp3@localhost crypto]$
Thats a clean hash. Now here is a salted:
[n3w7yp3@localhost crypto]$ ./md5-crypt.pl
Usage: ./md5-crypt.pl <plaintext> [salt]
[n3w7yp3@localhost crypto]$ ./md5-crypt.pl n3w7yp3
Plaintext: n3w7yp3
Salt: $1$qtmyahsa$
MD5 hash: $1$qtmyahsa$9bavdbeei8oz3cUhZFFTq1
[n3w7yp3@localhost crypto]$
Thats a salted hash. As you can see they look quite different. Now, I coded this scblockedript so that if the salt wasn't provided, it autogenerated one. An MD5 salt is 12 characters organized like:
$1$[a-z][A-Z][0-9]$
whrere the stuff in the middle ([a-z][A-Z][0-9]) are are at most 8 characters, which makes th salt a total of 12 characters. To get a feel for salts, here is the results of me running the md5-crypt.pl scblockedript 5 times, each time hashing the string n3w7yp3:
$1$pqgpdidv$MUZSiOkXjMgNAcLJ228pT1
$1$bxkksclo$k1Td/7elI8Iy2nb7nczCk1
$1$sztpyqdd$ZDwi9XyrT5rT4Dc.dFa.Z/
$1$mnjyyrem$wEXVoW4FDbHV1OcIEYw/l/
$1$rvbzpkta$e0ai6s02IdzMksi9ZGlus1
See how a different salt effects the hash?
So, there is no shrotcut to cracking salted MD5.
BTW, how do you know that this is a strong password? Just becasue it didn't crack in the first 5 minuets doesn't mean that its strong...
"Root is a state of mind" -- K0resh |
|
|
| Author |
RE: Kind Of Encryption... |
wolfmankurd
Member
Posts: 1519
Location: UK
Joined: 30.05.05
Rank: God |
|
WTF you on about? *scratches head and looks confused.*
BY READING MY POST, YOU ACCEPT IT AS IS AND AGREE TO MY DISCLAIMER OF ALL WARRANTIES, EXPRESS OR IMPLIED, AS WELL AS DISCLAIMERS OF ALL LIABILITY, DIRECT, INDIRECT, CONSEQUENTIAL OR INCIDENTAL, THAT MAY ARISE FROM THE USE OF THIS (MIS)INFORMATION.
Edited by wolfmankurd on 26-11-05 19:10 |
 
|
|
|
|
Main:
