cracking salted MD5 hash

ilkjester · Post by **ilkjester** » 26 Nov 2008, 13:31

Anyone know what kind of hash this is and how I would crack it? Does john the ripper crack any hashes or would i have to know the type of hash it is first?
Error: Supplied argument is too long on line 5. ce612bf7f7ef037facaff77ab1b89e89;

Post by **bad_brain** » 26 Nov 2008, 16:23

MD5 hash....you can only crack it by using rainbow tables.
either visit one of the usual online MD5 cracking sites (and wait, wait, wait if the hash has not been cracked earlier by another reuqest already), or get some rainbow tables yourself (and download, download, download

).
the problem with the first option is that it can take really long if you're #1055 in the queue, and the problem with the 2nd option is that you either have to hope there is no special character in the password or trying to find perfect rainbow tables (which would be at least 500GB to download if you find a source).
if you need rainbow tables for alphanumeric passwords take a look here:
http://rainbowtables.ddl.cx/

Still_Learning · Post by **Still_Learning** » 26 Nov 2008, 17:03

I need a rainbow table that can crack special characters, is this possible to have in a table like this with a filesize 40GB or under?

how do you tell what type of hash it is? I've been playing with ophcrack lately, is john the ripper better?

what kind of hash would this be? it seems to not be a MD5

EbGguvEgrRavfNcvRprbsShpXvatCvFf

thanks

rhysh · Post by **rhysh** » 26 Nov 2008, 18:11

still learning that is not an md5,or not your ordinary one anyway,i dunno,it hasnt got any numeric character so i dont think it is md5

Post by **bad_brain** » 27 Nov 2008, 04:41

Cain and Abel is an app that can be used to crack MD5 hashes, but how good the chances are with dictionary or brute force-attacks, I don't know
you will definitely have the best chances by using rainbow tables (ok, brute forcing maybe has the same chances, but it takes awfully long).

so either you download them (using the link I provided above) or you generate them by yourself:
http://www.antsight.com/zsl/rainbowcrack/

f4Gg0t_43 · Post by **f4Gg0t_43** » 27 Nov 2008, 10:11

Code: Select all

http://milw0rm.com/cracker/insert.php

Still_Learning · Post by **Still_Learning** » 27 Nov 2008, 12:50

yeah i know its not a MD5 hash... but how do i find out what kind of hash it is so i can crack it?.. it is a wargames mission im working on.. i've tried with ophcrack and does not seems to be a LM hash eaither

svyatko · Post by **svyatko** » 27 Nov 2008, 14:31

Still_Learning wrote:EbGguvEgrRavfNcvRprbsShpXvatCvFf

Well try rot13. I tried it and I am not sure if it's going to help you.
I'm not sure if they are trying to tell you it's not rot13 or it is. Is there more to the message?

rhysh · Post by **rhysh** » 27 Nov 2008, 16:17

actually maybe svyatko is right

where is this hash from,ive seen noob admins think that base64 encoding in their config files was gunna stop me from being able to know their passwords but,well i wonder how i got their sql acc and cpanel???

if it was from a php file did have this
base64_decode or
str_rot13 somewhere in it?

Still_Learning · Post by **Still_Learning** » 27 Nov 2008, 16:21

yes, it is not rot 13 eaither.. i got the same weird msg

"RoTthiRteEnisApiEceofFucKingPiSs"

allthough i've never heard of it until now, and it pretty interesting

rhysh · Post by **rhysh** » 27 Nov 2008, 16:22

where is the source you got the hash from,a config file?sql db?

Still_Learning · Post by **Still_Learning** » 27 Nov 2008, 18:35

yeah it was rot13 , i apologize.. i put in the wrong captcha code

rhysh; it is for a wargames site..

btw: how did you dtermine that it was rot13? is there a way to tell by how many characters the has it or by looking at the hash and seeing how many letters/numbers are in it, or do you just try the decode it with all the diffrent hash decoders? .. what is the easiest way to determine what kind of hash it is? thanks

rhysh · Post by **rhysh** » 27 Nov 2008, 19:28

md5=32 char
base64=na
rot13 i think shifts every 13th alphanumeric character or something
sha1 is 41 characters

usually i come across md5 hashes but phpbb3 uses sha1 other than that i dont get many sha1 hashes,also i usually just trade dbs, i dont bother with hash cracking unless they have alot of emails and the hashes arent salted,i hate salted md5s

Still_Learning · Post by **Still_Learning** » 27 Nov 2008, 21:22

thanks Rhysh, salted md5? is that when (*@&#^ like that are mixed in with the numbers / letters? if not what is the difference between a salted and regular md5?

rhysh · Post by **rhysh** » 27 Nov 2008, 22:18

no its where you require a certain key of generated data to go along with the hash,

look here:
http://www.comptechdoc.org/independent/ ... lting.html
without the salt a saltedhash is useless