KoNh
Sep 3 2003, 09:28 PM
Well was just wondering how we could brite force serv-u
password having the ini file, i know that is use a 128 bit
encryption / MD5 and i was looking fo an MD5 brutforce
cracker, like John the ripper for unix password, I know
that thissubject comes very often on a lot board, but i
like when things comes to difficult stuff, and am sur it is ^^
thnxs for anu clue...
By the way will try cain to try to break it...
ComSec
Sep 3 2003, 10:01 PM
| QUOTE (KoNhrhobanan @ Sep 3 2003, 09:28 PM) |
By the way will try cain to try to break it... |
LOL..you answered your own question
KoNh
Sep 3 2003, 10:10 PM
| QUOTE (ComSec @ Sep 3 2003, 10:01 PM) |
| QUOTE (KoNhrhobanan @ Sep 3 2003, 09:28 PM) |
By the way will try cain to try to break it... |
LOL..you answered your own question
|
^^ lol well the thing is htat am not used to use
that kind off progy so that am a lil lost when looking at all that .... stuff ???
anybody with experience with cain ?? thnxs ^^
ComSec
Sep 3 2003, 11:17 PM
well save the hashes to a file open cain and load them.. it will crack various MD hashes
md5 md4 md2 , cram, apop, etc etc
you can brute force or dict crack...its pretty straight forward
biggest problem is the time.. depending on the password strength can take minutes ,hours or days
well worth a try
VamPs
Sep 4 2003, 01:14 AM
err i dun think serv-u uses md5 m8. most web boards do.
but their is a serv-u cracker out there, got 1 on a chinese site just recently...
pretty sure not md5 tho
if u wanna crack md5 dun use john or that stuff, there is a special cracker named md5crack i think..
cracks like 4 letters in like 20 seconds
apusnaias
Sep 4 2003, 09:33 AM
i don't know the encryption of servu pwd.
here is mdcrack if you need
it cracks md4, md5 and ntlm1 .
MDCrackenjoy
crackie
Sep 4 2003, 03:03 PM
sb pls write nfo to crack serv-u pws tried everything but nothing works !
GOT IT
mdcrack.exe -V (yd)2B7B9EE515C3546308EF9F09B268B5AE
u clear the first 2 letters and u will get it in a few hours
e.g. this password is (f u c k) ! u have to leave (yd) out !
=k3Rn=
Oct 28 2003, 03:15 PM
can you use @stake lc4 also ?
if so, how do i import the adminpass from servu.ini ?
i'll test mdcrack.exe now! thx for sharing.
Peter Schmidt
Oct 28 2003, 04:13 PM
no, lc4 is not able to crack md5 passwords.
schnibble
Oct 29 2003, 02:41 AM
Im looking for FreeBSD MD5 password cracker, which is not JTR (John The Ripper).
Is there some faster tool? Something like SAMInside for NT? That is written in assembler or something?
2000 keys/sec is too slow for bruteforce...
=k3Rn=
Oct 29 2003, 02:20 AM
just tested mdcrack with a passwordlength of 3 chars.
seems to work really fine.
i also visited the authors website, there i read that an 8 char password consisting of a-z;A-Z;0-9 might take 490 day or something. (to take the example of servu passwords, it's most likely that you can't determin a smaller charset)
if so, are there faster md5 crackers or might it be possible to cluster it somehow to have more comps cracking it?
greetz
=k3Rn=
=k3Rn=
Oct 30 2003, 05:11 AM
| QUOTE |
mdcrack.exe -V (yd)2B7B9EE515C3546308EF9F09B268B5AE
u clear the first 2 letters and u will get it in a few hours
e.g. this password is (f u c k) ! u have to leave (yd) out ! |
this really seems to work.
but the problem is that the two first letters (that you know because you left em out) are inside the key to be decoded. so what i want to say is that if you want to crack a 6char password, mdcrack has to crack a 8char password - you know.
os much more time if i understand that right.
can't you do that somehow different ?
greetz
=k3Rn=
Sh4dowWalker
Nov 17 2003, 12:37 PM
For me mdcrack doesn't work. I've tried few passes and without any luck (salt was substracted before cracking; it was a long time ago and i don't have these passes now).
I've read somewhere that Serv-U encrypts its passes with md5 and then hexes the hashes in someway.
P.S. If i remember correctly these passes i was trying were encrypted using servu 4.x. And with which ServU version were encrypted yours passes?
Devil
Nov 18 2003, 08:08 AM
didnīt have any luck....probely because iīm not sure what code these are!!
qc828E090B85DC209B3FC7CC50D8584517
bbD0B54811F097DF6578FA7527DE84ED01
xp99025BD2BD982FD8507ADDF56A212088
keep getting this!!
<<System>> MDcrack v1.2 is starting.
<<Error>> A md5 digest must have 16 bytes length (32 ascii digits from 0 to F).
can somebody help me out on this please??
Thx
Devil
Sh4dowWalker
Nov 18 2003, 12:33 PM
| QUOTE (Devil @ Nov 18 2003, 10:08 AM) |
didnīt have any luck....probely because iīm not sure what code these are!!
qc828E090B85DC209B3FC7CC50D8584517
bbD0B54811F097DF6578FA7527DE84ED01
xp99025BD2BD982FD8507ADDF56A212088
keep getting this!!
<<System>> MDcrack v1.2 is starting.
<<Error>> A md5 digest must have 16 bytes length (32 ascii digits from 0 to F).
can somebody help me out on this please??
Thx
Devil |
Use only these for mdcrack:
828E090B85DC209B3FC7CC50D8584517
D0B54811F097DF6578FA7527DE84ED01
99025BD2BD982FD8507ADDF56A212088
the first two letters are so called 'salt' and aren't needed for mdcrack.
fastburner
Nov 18 2003, 12:47 PM
try CAIN
http://www.oxid.it/ over 3000000 pass/sek
very fast and stable
Devil
Nov 18 2003, 11:24 PM
thx for the tip....now its working for me!!!
thanatos
Nov 19 2003, 04:32 AM
Est-ce que quelqu'un peux expliquer clairement comment y arrivé? merci
Somebody can explain clearly how y arrived? thx
Andy
Dec 3 2003, 12:19 AM
y? what y?
Double-=V=-
Feb 29 2004, 09:49 PM
It doesn't work for me, i think the new serv-u uses different encryption.
hashes serv-u: 2D56B323E4B25E285CD88F18C50A3D5C
caine md5 hashes = 3D801AA532C1CEC3EE82D87A99FDF63F
Both the password is temp.
Mdcrack works however.
linuxwolf
Mar 1 2004, 07:50 AM
hrm. i'm not sure what serv-u does to hide it's passes but ill browse through the documentation, bound to be somthin more there. =\~
hvynjar
Mar 10 2004, 08:32 PM
serv-u adds the first two lowercase characters from the hash (which are generated the first time you make a password) to the beginning of the password, and then md5 hash it
example:
pe9BAB288332AB2DB1362EEB1DF462DE2C would be a serv-u stored password for "test", which in fact is the md5 hash of "petest" with "pe" added at the beginning so serv-u will know what characters it needs to add to the password to get the correct hash
made a quick script to generate passwords:
http://home.no.net/~fritzer1/servu.phpso cain probably does it differently while mdcrack does the same, since you end up getting different hashes
kronk
Mar 10 2004, 09:37 PM
mdcrack is much easier to use to crack the servu hashes. Just use the following:
mdcrack -s 'abcdefghijklmnopqrstuvwxyz' -b bb D0B54811F097DF6578FA7527DE84ED01
where bb will be added to the actual password in the result. This one crack for me in about 200 seconds on a 1Ghz machine.
I used the -s option to reduce the size of the characterset to brute force.
DyNaMiTe
Mar 17 2004, 08:49 PM
hmm i think its bad to try see the other peoples pass in serv-u...
Anyway nice tutorial...
fre4k
Mar 17 2004, 10:22 PM
Rehackers are no nice persons ^^
DaClueless
Mar 18 2004, 12:31 AM
| QUOTE (fre4k @ Mar 17 2004, 10:22 PM) |
| Rehackers are no nice persons ^^ |
I agree, that why I feel we shouldnt really talk about:
How to be come a BACKSTABER, by hacking other people pubsJust my 2.1 cents
sebas1234
Mar 18 2004, 01:29 AM
lol
can someone put it back up so i can download it?
thanks
Loxy
Mar 18 2004, 09:25 AM
Yes.. would someone be kind and post another download link for mdcrack? ; )
TIA
LiQuid
Mar 18 2004, 10:13 AM
sebas1234
Mar 19 2004, 04:17 AM
k this turned out to be a bit confusing
i saw 3 different people with 3 different ways to work mdcrack
DaClueless
Mar 19 2004, 04:30 AM
| QUOTE (sebas1234 @ Mar 19 2004, 04:17 AM) |
k this turned out to be a bit confusing
i saw 3 different people with 3 different ways to work mdcrack |
HINT: Read the readme that come with mdcrack
gman24
Mar 19 2004, 04:46 AM
| QUOTE (=k3Rn= @ Oct 29 2003, 10:11 PM) |
| QUOTE | mdcrack.exe -V (yd)2B7B9EE515C3546308EF9F09B268B5AE
u clear the first 2 letters and u will get it in a few hours
e.g. this password is (f u c k) ! u have to leave (yd) out ! |
this really seems to work.
but the problem is that the two first letters (that you know because you left em out) are inside the key to be decoded. so what i want to say is that if you want to crack a 6char password, mdcrack has to crack a 8char password - you know.
os much more time if i understand that right.
can't you do that somehow different ?
greetz
=k3Rn=
|
mdcrack -b yd 2B7B9EE515C3546308EF9F09B268B5AE
Will crack in a few seconds
-b prepends whatever in this case yd to each pass
"the first two letters are so called 'salt' and aren't needed for mdcrack."
No but if you use the option above it will crack alot faster
Edit:
Just saw this post it has already been mentioned by kronk
| QUOTE |
mdcrack is much easier to use to crack the servu hashes. Just use the following:
mdcrack -s 'abcdefghijklmnopqrstuvwxyz' -b bb D0B54811F097DF6578FA7527DE84ED01
where bb will be added to the actual password in the result. This one crack for me in about 200 seconds on a 1Ghz machine.
I used the -s option to reduce the size of the characterset to brute force.
|
Loxy
Mar 19 2004, 07:44 AM
I found a ServUDaemon.ini on a box I run, and has something I have never seen in it.(Following) I'm just wondering how I would go about cracking this, and what this SKEY/OPT thing is? Something new in 5.0 maybe? Thanks in advance. ; )
[USER=admin|1]
Password=4C744A0C565D4E16540814030A595355170E
Maintenance=System
PasswordType=OTP S/KEY MD5
SKEYValues=0 0 EF9DDC99C42FBCFD 588 junk005
The Storm
Mar 19 2004, 08:17 AM
I`m not sure but i Think there are 2 keys eventually is one of them for syste mamintenance and the other one for ftp login ???
Andy
Mar 19 2004, 09:39 PM
what about v2.5? what about this?
aapje
Mar 19 2004, 10:15 PM
it works fine for me with cain...
Loxy
Mar 21 2004, 09:16 AM
aapje.. You cracked the password I posted with cain? or were you talking to someone else? If so, please tell me how, I am very interested in learning.
Gehaktbal
Mar 21 2004, 10:57 AM
hmm md5 works fine... but what about older passwords from older servu versions ? They are way diffrent. Coulndn't find info for wich encryption it is.
NickBR
Mar 25 2004, 03:26 AM
Hi how can i decode servu 2.5 password there are a little shorter
setthesun
May 28 2004, 11:20 AM
| QUOTE (Loxy @ Mar 19 2004, 07:44 AM) |
I found a ServUDaemon.ini on a box I run, and has something I have never seen in it.(Following) I'm just wondering how I would go about cracking this, and what this SKEY/OPT thing is? Something new in 5.0 maybe? Thanks in advance. ; )
[USER=admin|1]
Password=4C744A0C565D4E16540814030A595355170E
Maintenance=System
PasswordType=OTP S/KEY MD5
SKEYValues=0 0 EF9DDC99C42FBCFD 588 junk005 |
It could be late answer but it means FTP login encryption algorithm, Look at CuteFTP and see password encyptions. This is more secure than plaintext passwords on login.
illwill
Jun 2 2004, 03:04 AM
password is h4
r3L4x
Jun 2 2004, 03:59 AM
use PasswordsInside, best md5, md5 cracker in my opinion. Has fast burteforce, awsome dictionary attacks!
http://insidepro.com
Ecko
Jun 2 2004, 11:44 AM
this
| CODE |
mdcrack -s 'abcdefghijklmnopqrstuvwxyz' -b qj B351D8773544E1E325AF7C60E7AD2AB5
|
worked very nce to me
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
