[x1`]

ok i cant get this to work
so whats fa948C78C24438E9F6BA4D5B756F7ACB37

it should be pass

[Nexus1155]

I've been looking for one of these thanks

[FiNaLBeTa]

gk0r, on Jan 22 2004, 09:48 PM, said:

I could be be bloodry wrong here, but ServU does NOT use MD5 for one thing.

And for another, with version 5.0 they've changed encryption method, wont be long until everybody upgrades, meh

I just tested it.
It's still an md5 hash with salt infront of it.

[phaeton]

All this talk about MD5 hash cracking, in my opinion John the Ripper (JtR) is the best cracker as it works through each hash against a set of logic rules, therefore it doesn't just blindly brute force it actually systematically works its way through different possibilities. I know this isnt directly related, but cracking a LM hash with LC4 took me 18 hours for a 9 char password, JtR took 5.

[MattMannLT]

ok now

can anyone help with how to crack an iroffer password

[FiNaLBeTa]

gk0r, on Jan 28 2004, 04:57 AM, said:

FiNaLBeTa, on Jan 25 2004, 09:45 PM, said:

I just tested it.
It's still an md5 hash with salt infront of it.

oh Yeah?

Well - this is MD5 hash of the same password: 7e7224816c9b2707759850155e649c29

and this is what's stored in Serv-U .INI file
ar5FDFC22B8C51C00E54BEE8B7EA7DE99C

Password is the same in both cases - it's a lot of salt if you ask me....

P.S. where do I know your nick form?

Look at those hashes, lets say the first is an md5 hash of the word "test"
but the second on is an md5 hash off "artest" the ar is the salt, and delivers a new hash.
Harder to brutefore, so you need mdcrack with salt option.

I havent actuely tested serv-u 5 on it, but i'm sure it's still the same, it looks like an md5 hash here.

PS: maybe you know me from NFE.

[fuzzard]

have u ever tried to find out how md5 works gk0r ??

md5 is made to be a one time hash. So u can redo teh same password over and over and u'll rarely get teh same hash. As the other dude said. Serv-u stores the "salt" with the stored hash so servu can then use that salt with the password provided by the user connecting and get an md5 hash, and then compare teh result with what is stored.

[FiNaLBeTa]

gk0r, on Jan 29 2004, 04:58 AM, said:

Look at both hashes once more.
Both of those are hashes of the same password.
First hash is hash provided by md5 hash feature in mysql (quickest way I knew to generate one since I run mysql locally anyway)
Second hash is hash generated by servu

Don't look same to me.

P.S. Did you use any other nicks?

no i don't use other nicks.

I'll explain it one more time, but slow.



If you make an acound in serv-u this is what happent

you make the pasword "test"

serv-u will then make an md5 hash of for example "latest"
it will look something like this : "5FDFC22B8C51C00E54BEE8B7EA7DE99C" using la as salt
but serv-u will save it in his ini like this : "la5FDFC22B8C51C00E54BEE8B7EA7DE99C"

when a user logs in ser-u will receive the pas "test" from the user, and it wil make and compare the md5 hash of "latest" with "5FDFC22B8C51C00E54BEE8B7EA7DE99C"

So the green is the salt, reason for it is... Bruteforcing takes alot longer if you would not have the salt. a pasword like "test" becomed a 6 char pasword if u use two salt chars.

PS: when generating an md5 hash for test, it will not always give the same has.

[nolimit]

Yea MD5 is a 1 way algorithm, But It doesn't change each time you run it through the algorithm, as someone said previously their would be no reason for authentication then.

[FiNaLBeTa]

gk0r, on Jan 31 2004, 05:51 AM, said:

FiNaLBeTa, on Jan 29 2004, 01:49 PM, said:

gk0r, on Jan 29 2004, 04:58 AM, said:

Look at both hashes once more.
Both of those are hashes of the same password.
First hash is hash provided by md5 hash feature in mysql (quickest way I knew to generate one since I run mysql locally anyway)
Second hash is hash generated by servu

Don't look same to me.

P.S. Did you use any other nicks?

no i don't use other nicks.

I'll explain it one more time, but slow.



If you make an acound in serv-u this is what happent

you make the pasword "test"

serv-u will then make an md5 hash of for example "latest"
it will look something like this : "5FDFC22B8C51C00E54BEE8B7EA7DE99C" using la as salt
but serv-u will save it in his ini like this : "la5FDFC22B8C51C00E54BEE8B7EA7DE99C"

when a user logs in ser-u will receive the pas "test" from the user, and it wil make and compare the md5 hash of "latest" with "5FDFC22B8C51C00E54BEE8B7EA7DE99C"

So the green is the salt, reason for it is... Bruteforcing takes alot longer if you would not have the salt. a pasword like "test" becomed a 6 char pasword if u use two salt chars.

PS: when generating an md5 hash for test, it will not always give the same has.

Slow is good.

It is obvious that MD5 hash of the same password will be identical regardless the time it was generated, correct? Otherwise it would be pointless to use it for authentication purposes, or any other for that matter.

Forget about the �la� for a second and look at the big picture. Try this for me. Get two sources of MD5 hashes. You can use MYSQL to generate one, or PERL, whatever turns you on. You can even use any windows application should you find one, or any net script. Generate hash of password �test� � generate it twice, from another source.

Then create user account on Serv-U with password �test� and see if there are any remote matches at all. You will see that the two hashes of true MD5 you�ve got will be different (completely) from the one you get from Serv-U. Which could only mean one thing � hash you receive from Serv-U is not really MD5 hash.

I don�t have time to dig around and match hashes to find out which encryption method Serv-U truly uses, however back at version 2.5 according to the guy who made Serv-U (Tommy) Serv-U used standard MD4/Crypt.

[EDIT]
I just found this page you can use to quickly generate MD5 hashes
http://www.sarnix.nl/md5/index.php - see what you get.

I explained slow, i can't do it any bether.
You just didn't read it.

and md5 hash of test , and an md5 hash of serv-u pasword "test" can't be thesame.

So if you have just proven that to the world, congrats, we already know.

[FiNaLBeTa]

here, i tested it, v5.0 still uses md5 encryption.


I made a pasword 123 in serv-u
the generated code was

Password=tg5D5E50C22BD32992937AFF199C01D47C
so the salt is "tg" and the md 5 hash is = 5D5E50C22BD32992937AFF199C01D47C

so when i brute the hash, the pasword i find wil be : tg123

Quote

C:\Documents and Settings\Administrator\Bureaublad\MDcrack>mdcrack -M MD5 -b tg
5D5E50C22BD32992937AFF199C01D47C

<<System>> MDcrack v1.2 is starting.
<<System>> Using default charset : abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGH
JKLMNOPQRSTUWXYZ
<<System>> Max pass size = 12 >> Entering MD5 Core 1.

Password size: 3

Password size: 4

Password size: 5


----------------------------------------
Collision found ! => tg123


Collision(s) tested : 113427 in 0 second(s), 60 millisec, 0 microsec.
Average of 1890450.0 hashes/sec.