Follow us on Twitter!
Ideas are far more powerful than guns.
Sunday, April 20, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 23
Guests Online: 22
Members Online: 1

Registered Members: 82843
Newest Member: hx47
Latest Articles
View Thread

HellBound Hackers | Computer General | Cryptography

Author

Kind Of Encryption...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-11-05 03:25
anon1:$1$0ABI89fK$kWD1ScwvpFouOaNSg8P1U/:13111:0:99999:7:::

Does Anyone Know What Type Of Encryption The Password File There Is?
Author

RE: Kind Of Encryption...

n3w7yp3
Member

Your avatar

Posts: 358
Location: USA
Joined: 19.03.05
Rank:
Moderate
Posted on 25-11-05 15:44
Thats a line from a *nix /etc/shadow file. the username is anon. The password hash is $1$0ABI89fK$kWD1ScwvpFouOaNSg8P1U/ . Thats a salted MD5 hash (you can tell because it starts with "$1". dump it into john the ripper. shouldn't take too long to crack, if you havea good CPU.

BTW, I got bored and cracked it. output is below:

Code

[root@localhost run]# ./john -w:/home/n3w7yp3/hacking/tools/labs/crypto/words ~n3w7yp3/hacking/hbh-hash
Loaded 1 password (FreeBSD MD5 [32/32])
guesses: 0  time: 0:00:00:04 3%  c/s: 7743  trying: anabrotic
anonymous        (anon)
guesses: 1  time: 0:00:00:04 100%  c/s: 8919  trying: anonymous
[root@localhost run]#








"Root is a state of mind" -- K0resh

Edited by n3w7yp3 on 25-11-05 15:45
Author

RE: Kind Of Encryption...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-11-05 22:18
Ok... So Salted MD5, What the difference between a MD5 Hash and the salt? i have a root password in a shadow file, but it's a hard password, and i was wondering if there was any quick way of cracking it... i know john, but this is one of those passwords that would take about 3 month's on a cray to crack ... lol
Author

RE: Kind Of Encryption...

n3w7yp3
Member

Your avatar

Posts: 358
Location: USA
Joined: 19.03.05
Rank:
Moderate
Posted on 26-11-05 19:03
The salt is a set of characters thats used as an offset to start the permutations.

The difference between a salrted hash and a clean hash are quite obviosu. Consider the following:

Code

[n3w7yp3@localhost crypto]$ ./md5-hash.pl
Usage: ./md5-hash.pl <string>
String is the string to encrypt with MD5.
[n3w7yp3@localhost crypto]$ ./md5-hash.pl n3w7yp3
Encrypting 'n3w7yp3' with MD5...
Your MD5 hexadecimal hash is: e9f5a3b1250837c83e4b9f4bdf0e4714
[n3w7yp3@localhost crypto]$





Thats a clean hash. Now here is a salted:

Code

[n3w7yp3@localhost crypto]$ ./md5-crypt.pl
Usage: ./md5-crypt.pl <plaintext> [salt]
[n3w7yp3@localhost crypto]$ ./md5-crypt.pl n3w7yp3
Plaintext: n3w7yp3
Salt: $1$qtmyahsa$
MD5 hash: $1$qtmyahsa$9bavdbeei8oz3cUhZFFTq1
[n3w7yp3@localhost crypto]$





Thats a salted hash. As you can see they look quite different. Now, I coded this script so that if the salt wasn't provided, it autogenerated one. An MD5 salt is 12 characters organized like:

Code

$1$[a-z][A-Z][0-9]$




whrere the stuff in the middle ([a-z][A-Z][0-9]) are are at most 8 characters, which makes th salt a total of 12 characters. To get a feel for salts, here is the results of me running the md5-crypt.pl script 5 times, each time hashing the string n3w7yp3:

Code

$1$pqgpdidv$MUZSiOkXjMgNAcLJ228pT1
$1$bxkksclo$k1Td/7elI8Iy2nb7nczCk1
$1$sztpyqdd$ZDwi9XyrT5rT4Dc.dFa.Z/
$1$mnjyyrem$wEXVoW4FDbHV1OcIEYw/l/
$1$rvbzpkta$e0ai6s02IdzMksi9ZGlus1





See how a different salt effects the hash?

So, there is no shrotcut to cracking salted MD5.

BTW, how do you know that this is a strong password? Just becasue it didn't crack in the first 5 minuets doesn't mean that its strong...


"Root is a state of mind" -- K0resh
Author

RE: Kind Of Encryption...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 26-11-05 19:08
WTF you on about? *scratches head and looks confused.*




Edited by on 26-11-05 19:10
Author

RE: Kind Of Encryption...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 26-11-05 23:00
root:$1$puLS/iXj$4RUIMPkLWhkKpVAav1Zik/

Ok... Now I Get it that tells me a ton... thank you very much, now, what about the above, can anyone crack that for me?