hello every one
i was reading alot on the forums the word hashed password, i did some googeling and figured out more about this issue, like salting and stuff...
my question is, how exactly could hashes be figured out ? is breaking into a website's server the only way ? or there are other ways ?
i was wondering if packet sniffers have any role in this; coz im focusing my learning experience in such stuff.
Thanks for any info
how to obtain hashes
how to obtain hashes
mahmoud_shihab@hotmail.com
- computathug
- Administrator
- Posts: 2693
- Joined: 29 Mar 2007, 16:00
- 17
- Location: UK
- Contact:
OK so you see the point of hashes....
Now there are different types of hashes as we know but look at the like a house.
We have a house that's open....no password
House that's locked .... password
House with a burglar alarm... hashed password
House with alarm and alarm and movement and heat sensors etc etc .......salted password.
The more we discover the more we learn
Now there are different types of hashes as we know but look at the like a house.
We have a house that's open....no password
House that's locked .... password
House with a burglar alarm... hashed password
House with alarm and alarm and movement and heat sensors etc etc .......salted password.
The more we discover the more we learn
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
well, you don't need to "break in" to a server, SQL injection for example is often used to retrieve password hashes, it is done with a little script or even trhough a browser request...of course there have to be a security flaw on the website that can be exploited.
take a look here:
http://en.wikipedia.org/wiki/SQL_injection
take a look here:
http://en.wikipedia.org/wiki/SQL_injection