Follow us on Twitter!
Become the change you seek in the world. - Gandhi
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 25
Guests Online: 25
Members Online: 0

Registered Members: 82831
Newest Member: FL4SHC0D3R
Latest Articles
View Thread

HellBound Hackers | Computer General | Cryptography

Author

Password Salt

Nubzzz
Member



Posts: 75
Location: php_info();
Joined: 21.12.05
Rank:
Newbie
Posted on 20-01-06 02:33
I know all about salts and that they are very secure but what i want to know is is there any way to crack them to obtain the origional password? and if there is could you lead me to a program to do so?


images.insecure.org/nmap/images/nmap_bnr_kyra2.gif

[center]
01001110011101010110001001111010011110100111101000100000011100000111011101101110
01110011001000010010000001001000011001010010000001101001011100110010000001101001
01101110001000000111010001101000011001010010000001110100011011110111000000100000
00110101001001010010000001101111011001100010000001001000010000100100100000100001
[url=http://hellboundhackers.org/fu

Edited by Nubzzz on 20-01-06 02:34
Author

RE: Password Salt


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-05-06 12:31
John the Ripper handles salted hashes and encryptions.
Author

RE: Password Salt

n3w7yp3
Member

Your avatar

Posts: 358
Location: USA
Joined: 19.03.05
Rank:
Moderate
Posted on 19-05-06 18:40
With DES the salt is the first 2 characters.

With salted MD5 (the type that begins with $1), the salt is the first 11 characters.

John will automotically take care of this for you, but if you want to extract the salt by hand, its fairly easy. In Perl, you'd just do something like:
Code

my $salt = substr($hash,0,2); *For DES
my $salt = substr($hash,0,11); *For MD5





IPB style salted MD5 hex hashes are a bit harder. You actually have to have the salt database to crack them (okay, I lied. You can dictionary attack/bruteforce the salt, or if you want to be fancy you can use colosions to break it). There is a patch for john that enables it to crack IBP hashes, if you're interested...

[edit]Okay, I'm fucking pissed. The damn forum changed a pound sign (shift+3), which is a comment in Perl as well as many other languages, into a freakin' *. I'm gonna post a complaint thread...[/edit]


"Root is a state of mind" -- K0resh

Edited by n3w7yp3 on 19-05-06 18:42