GroundZero
Feb 2 2004, 10:20 PM
Hello guys....
Short Question, what kind of passwd style is this?
moe4vw@aol.com:2DTNyYXQS6G3g:hamada
I know this is the mail: moe4vw@aol.com
this is the login name : hamada
and what kind of pass is this: 2DTNyYXQS6G3g: ??
and give it a cracker for this encrypted pass style?
Please poste...
atomix
Feb 3 2004, 05:24 AM
its standard DES encryption. can be easily cracked with john the ripper. that password decryped = "2480".
. of course without quptes
JEvel
Feb 3 2004, 03:11 PM
how can i decrypt this?
4B753F6E40BDEFFDED9B5032
[_0z_]
Feb 3 2004, 04:16 PM
that looks like it could be des as well, put that crypted text into a string like that aol one, and stick it into JTR.
aspfreakout
Feb 3 2004, 05:04 PM
I can't start a new topic so I'll ask my question here:
With a php-nuke exploit I found some usernames and passes,
for example
username: deeeep
pass: 1cbff3d2bdcc7486cc38d9edd9c024df
I made a file like this:
deeeep:1cbff3d2bdcc7486cc38d9edd9c024df
started John The ripper (works well usually)
and it said '2 passwords loaded' when there was only one.
Why does JTR think this while there's only one,
and how do I solve it
Thx
JEvel
Feb 3 2004, 05:29 PM
I dont understand how to use JTR.. I have read the readme and the examples but i cant understand...
plz help me?
Install it and then go to DOS and then navigate to it. Dir lists the current directory and CD to change directory.
ComSEC has written a basic JTR tutorial. Should find it if you search the site.
Kynroxes
Feb 3 2004, 08:28 PM
JTR the best !!
JEvel
Feb 3 2004, 08:40 PM
I have read that manual now and it wass good.. but I think its not working becaus i have crackt it for 1h now with out results...
what can i do?
And i have the same problem as aspfreakout. I only have 1 password but it says that its 2..
GroundZero password works to crack for me...
nulladd
Feb 3 2004, 08:46 PM
| QUOTE (aspfreakout @ Feb 4 2004, 04:04 AM) |
I can't start a new topic so I'll ask my question here:
With a php-nuke exploit I found some usernames and passes,
for example
username: deeeep
pass: 1cbff3d2bdcc7486cc38d9edd9c024df
I made a file like this:
deeeep:1cbff3d2bdcc7486cc38d9edd9c024df
started John The ripper (works well usually)
and it said '2 passwords loaded' when there was only one.
Why does JTR think this while there's only one,
and how do I solve it
Thx |
nevermind about JTR the password is 'satya'
also mdcrack is faster for md5 (unless ur doin precomputed tables)
atomix
Feb 3 2004, 09:35 PM
on my win box, i dont fancy mdcrack 2 much. like i like the whole thing, but hate the part where it lags u to death. cain and abel is an alternative.
Yorn
Feb 4 2004, 06:16 AM
I'd like to see a similar tutorial for md5crack. I can't, for the life of me, figure out how to run a dictionary scan on md5 hashes. I know, I know, it sounds horrible, but John the Ripper isn't exactly MD5 friendly and md5crack doesn't explain dictionary scans at all. I've actually thought about creating a php app to just do a dictionary scan for me.
In the meantime I'm just working on MD5 tables with rainbow crack. God do they take forever, though.
nulladd
Feb 4 2004, 12:09 PM
| QUOTE (Yorn @ Feb 4 2004, 05:16 PM) |
I'd like to see a similar tutorial for md5crack. I can't, for the life of me, figure out how to run a dictionary scan on md5 hashes. I know, I know, it sounds horrible, but John the Ripper isn't exactly MD5 friendly and md5crack doesn't explain dictionary scans at all. I've actually thought about creating a php app to just do a dictionary scan for me.
In the meantime I'm just working on MD5 tables with rainbow crack. God do they take forever, though. |
i have reviewed some useful tools
here and there is also a gui for mdcrack
also mdcrack doesnt support dictionary yet (read the reviews on the site for other dictionary attack programs)
aspfreakout
Feb 4 2004, 07:48 PM
btw: thx for the pass, I'll try mdcrack.
I love JTR but it sometimes just doesn't work (like it sees 2 passes or it gives a read error)
JEvel
Feb 5 2004, 12:32 AM
can anyone decrypt this password for me I have tryed with JTR and it willl not work
pass: 4B753F6E40BDEFFDED9B5032
if you dont want to decrypt the password then you can tell me witch program i should use...
thx
TriHFH
Feb 5 2004, 08:11 AM
I advise you all to definitely look at pre-computated rainbow tables... you can generate them with a tool called RainbowCrack.. you'll find links all over this board. For instance, it took 4.06 seconds to crack the MD5 hash in the above post:
| QUOTE |
statistics
-------------------------------------------------------
plaintext found: 1 of 1 (100.00%)
total disk access time: 36.39 s
total cryptanalysis time: 4.09 s
total chain walk step: 3089279
total false alarm: 1487
total chain walk step due to false alarm: 1300419
result
-------------------------------------------------------
1cbff3d2bdcc7486cc38d9edd9c024df satya hex:7361747961 |
JEvel
Feb 5 2004, 06:32 PM
thx TriHFH
=============================
Do anyone know a _vti_pvt exploit text?
bearwithme
Feb 10 2004, 08:54 PM
31d6cd2038d2dfe0
Any ideas what type this would be? Its from a mySQL server.
Thanks.
nulladd
Feb 11 2004, 12:48 AM
| QUOTE (bearwithme @ Feb 11 2004, 07:54 AM) |
31d6cd2038d2dfe0
Any ideas what type this would be? Its from a mySQL server.
Thanks. |
use this
http://www.securiteam.com/tools/5YP0H0A40O.htmlit only source but will easily compile under windoze
bearwithme
Feb 11 2004, 06:07 AM
Thanks for the info Nulladd. Compiling now.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
