how to obtain hashes

moudy · Post by **moudy** » 17 Feb 2009, 17:32

hello every one
i was reading alot on the forums the word hashed password, i did some googeling and figured out more about this issue, like salting and stuff...
my question is, how exactly could hashes be figured out ? is breaking into a website's server the only way ? or there are other ways ?
i was wondering if packet sniffers have any role in this; coz im focusing my learning experience in such stuff.
Thanks for any info

Post by **computathug** » 17 Feb 2009, 20:07

OK so you see the point of hashes....

Now there are different types of hashes as we know but look at the like a house.

We have a house that's open....no password
House that's locked .... password
House with a burglar alarm... hashed password
House with alarm and alarm and movement and heat sensors etc etc .......salted password.

The more we discover the more we learn

Post by **bad_brain** » 18 Feb 2009, 05:09

well, you don't need to "break in" to a server, SQL injection for example is often used to retrieve password hashes, it is done with a little script or even trhough a browser request...of course there have to be a security flaw on the website that can be exploited.
take a look here:
http://en.wikipedia.org/wiki/SQL_injection

moudy · Post by **moudy** » 18 Feb 2009, 07:06

hehe nice description computathug

Thanks alot for the data B_B. I gauss now i have to learn some PHP and stuff...