Government Security
Network Security Resources

Jump to content

Photo

How To Transform Salt+md5 To Real Md5


  • Please log in to reply
9 replies to this topic

#1 fredo

fredo

    Private

  • Members
  • 7 posts

Posted 13 February 2006 - 03:12 AM

I know mdcrack to décrypt a MD5 with a salt:

For exemple:
Password:t3eddy
MD5:aef72a0b9978ca81a606b662c7f43fc0
MD5+salt:if6C4BB3ABE1C843F8BB93469D312DB7F7

mdcrack -s "abcdefghijklmnopqrstuvwxyz0123456789" -M MD5 aef72a0b9978ca81a606b662c7f43fc0
Collision found ! => t3ddy

mdcrack -s "abcdefghijklmnopqrstuvwxyz0123456789" -b if -M MD5 6C4BB3ABE1C843F8BB93469D312DB7F7
Collision found ! => ift3ddy
here we can see salt+password

But I would like use my rainbow table to décrypt
So how can I convert MD5+salt to real MD5?

Thanks for your help

#2 kuza55

kuza55

    Corporal

  • Members
  • 161 posts

Posted 13 February 2006 - 03:22 AM

But I would like use my rainbow table to décrypt
So how can I convert MD5+salt to real MD5?

There is no way to remove the salt without knowing what was hashed in the first place (by either cracking it, doing a lookup on some rainbowtables, or whatever), if it were possible then salting passwords would be kind of pointless, no?

#3 fredo

fredo

    Private

  • Members
  • 7 posts

Posted 13 February 2006 - 03:52 AM

if mdcrack can decrypt a salt+MD5, I do not see why one could not recover the true MD5

#4 barabas

barabas

    Private First Class

  • Members
  • 44 posts

Posted 13 February 2006 - 05:28 AM

Unix MD5 style passwords use the "crypt" function. Old style crypt uses DES encryption. New style uses MD5 with a salt. Here the passwords is hashed twice with MD5 using a salt. Therefore it's not possible to retrieve the intermediate MD5 from a hashed password since you don't know what it is and you have nothing to compare it with.

What you can do is to crack the md5 password (remember: it's not reversed, it's just the same crypt function being used -BF or DIC -and the output being compared with the hash), and then perform half the crypt routine to get the initial MD5 hash. But there's no point in doing this since by then you already have the password.

http://www.users.zet...gs/md5crypt.txt

#5 kuza55

kuza55

    Corporal

  • Members
  • 161 posts

Posted 13 February 2006 - 12:33 PM

if mdcrack can decrypt a salt+MD5, I do not see why one could not recover the true MD5

Ok, I thought you were asking if you could remove the salt from the hashed salt+password without cracking it, my mistake.

To remove the salt after you crack it you need to know where the salt is inserted, and hopefully what it is, and from there you can easily remove it by simply removing the offending part, like in your example, just removing the first 2 characters (if), or do you mean something completely different?

#6 Nick W

Nick W

    First Sergeant

  • Members
  • 1,250 posts

Posted 13 February 2006 - 03:45 PM

You cannot figure out a salt from an md5 hash in any easy way.

Remember that MD5 is a one way hash. That means that you can never go back to the original or figure out the original by analyzing the MD5 hash. Instead, you have to use a word list or tons of sample inputs to try to match the hash.

Let's say I created a new hash called YornHash.

Here's the results:
YornHash("apple") = aw39jo98fjwoj3os3
YornHash("brick") = alksjerl9ij3l2i3n

Now, keeping that in mind:
YornHash($x) = 3kj4l349j34j03

What is $x?

You can't do it. It doesn't matter that this is a hash I just made up, it simply cannot be done given that YornHash uses a relatively difficult algorithm. So given that information, suppose $x actually equals $y + $z. It would make sense that if one cannot figure out $x, they also cannot figure out $y + $z. Given that $y is the salt, you're still never going to be able to compute YornHash($z).

That is why you can't figure out the salt, and thus cannot figure out "real" md5 of a salted hash. Your best bet would be to run a dictionary file against an entire website's md5 hash list and hope that you find two words, like "happytree" on one of the users. If you do, then there's the possibility that either "happy" or "tree" could be the salt. You could then compute tables based off of that.

Most salts are CONSIDERABLY more complicated than that, however.

#7 kuza55

kuza55

    Corporal

  • Members
  • 161 posts

Posted 13 February 2006 - 09:36 PM

That is why you can't figure out the salt, and thus cannot figure out "real" md5 of a salted hash. Your best bet would be to run a dictionary file against an entire website's md5 hash list and hope that you find two words, like "happytree" on one of the users. If you do, then there's the possibility that either "happy" or "tree" could be the salt. You could then compute tables based off of that.

Most salts are CONSIDERABLY more complicated than that, however.

Well, if you've got all the hashes its probably true that you've found some SQL injection flaw, from there you can dump a shell on the server, and then simply find out what salt is added (and how), and then get a cracker that supports rulesets, but thats more of an alternate solution that your theoretical one.

Also if its a public site you can always create an account, and use aveyr short password, then try to create some rulesets (again, cracker with rulesets) and see if you can break it, then when you do examine the result, and see how the hash was added, but yeah, its a better idea to see if you can find out the salt and where/how its added via some toher means than brute force....

#8 barabas

barabas

    Private First Class

  • Members
  • 44 posts

Posted 14 February 2006 - 05:24 AM

You cannot figure out a salt from an md5 hash in any easy way.


??

the salt in a MD5 crypt style hash is between the two $ signs.
just type the "info crypt" command on a linux shell:

<snip>
The SALT parameter does two things. Firstly, it selects which
algorithm is used, the MD5-based one or the DES-based one.
Secondly, it makes life harder for someone trying to guess
passwords against a file containing many passwords; without a
SALT, an intruder can make a guess, run `crypt' on it once, and
compare the result with all the passwords. With a SALT, the
intruder must run `crypt' once for each different salt.

For the MD5-based algorithm, the SALT should consist of the string
`$1$', followed by up to 8 characters, terminated by either
another `$' or the end of the string. The result of `crypt' will
be the SALT, followed by a `$' if the salt didn't end with one,

followed by 22 characters from the alphabet `./0-9A-Za-z', up to
34 characters total. Every character in the KEY is significant.

</snip>

#9 Nick W

Nick W

    First Sergeant

  • Members
  • 1,250 posts

Posted 15 February 2006 - 09:30 AM

Well, if you've got all the hashes its probably true that you've found some SQL injection flaw, from there you can dump a shell on the server, and then simply find out what salt is added (and how), and then get a cracker that supports rulesets, but thats more of an alternate solution that your theoretical one.


Yup, this is a very good point. If you can do SQL injection, it'd be easier to drop a shell if you can, or add yourself as a remote SQL user and do whatever mysql dumping to file you need in order to get a shell. From there you can add yourself as an admin or whatnot and view the config to figure out what the salt is. At that point though, what is the point of viewing the configs when you could just change the php files to save the passwords as they are written to a text file and when people log in you now have their passwords in clear text.

Also if its a public site you can always create an account, and use aveyr short password, then try to create some rulesets (again, cracker with rulesets) and see if you can break it, then when you do examine the result, and see how the hash was added, but yeah, its a better idea to see if you can find out the salt and where/how its added via some toher means than brute force....

Yeah, actually one trick I've considered trying is using "s" as a password (if you can) or "s%00%00%00" to pass whatever password requirements there are. Then you can view the hash and run your dictionary file. Depending on how the salt is implemented, a salt of "burn" might be concatenated to "burns", and even long and harder words like "pontificate" would be "pontificates" and still might get picked up with a dictionary run.

Something to think about anyway.

??

the salt in a MD5 crypt style hash is between the two $ signs.
just type the "info crypt" command on a linux shell:


I'm sorry, I was thinking his question was about a web application, not about cracking a Unix password.

#10 skrizwanali

skrizwanali

    Private

  • Members
  • 1 posts

Posted 25 December 2012 - 12:06 PM

can anybody help me decrypting the salted password '8591f715f7bbca99edada296b5c62dc3'..its really needed..




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users