What crypto hash function is used…

Viewing 11 reply threads
  • Author
    Posts
    • #8146
      cb122
      Participant

      Is it at all possible for a trained eye to be able to determine which cryptographic hash function is used to hash users passwords in a database table for a specific application. We have an application that doesn’t use oracles default authentication so the application user hashes aren’t stored within $sys.users, they are in a random table specific to the application.  My question is, if you can see the hashes in that table, could you tell which hash function hashed them? Or is there a tool to feed the hash into and for it to tell you which hash function hashed these passwords? Its hard to identify a tool to run dictionary password tests over if you don’t know what hash function is used.

    • #51538
      cd1zz
      Participant

      There is a tool called hash_id.py in backtrack that will do exactly that.

      /pentest/passwords/hash-identifier/

    • #51539
      cb122
      Participant

      Thanks for the reply. Is there anyway to use that tool “outside” of the backtrack framework tool? Would you need to export the hashes first, how does the process work, how are the hashes “fed in” to the tool? Please excuse my ignorance as I’m new to this.

    • #51540
      cd1zz
      Participant

      Just use fgdump on a non-critical DC: http://www.foofus.net/~fizzgig/fgdump/

      I say “non critical” because LSASS has been known to crash.

      This will dump all the domain hashes to a text file and then use them in whatever tool you want, wherever it lives.

      This will get flagged by your AV so be sure to shut it down first.

    • #51541
      caissyd
      Participant

      Thanks cd1zz for the replay, I didn’t know about this tool.

      And cd122 stoled cd1zz username!! I see double now…  😀

    • #51542
      lorddicranius
      Participant

      @H1t M0nk3y wrote:

      And cd122 stoled cd1zz username!! I see double now…  😀

      cb122 😉  Close enough, had me doing a double-take haha

    • #51543
      caissyd
      Participant

      Now you all now that I am dyslexic… I mix my d, b, p and q, along with u, n and m…

      I hate that!!!  :-[

    • #51544
      lorddicranius
      Participant

      Well now I feel like an asshole… :-[

    • #51545
      caissyd
      Participant

      No, don’t feel bad!!

      Sorry about this, I re-read my last post and I appologize, I really didn’t mean to make you feel bad.

      I hate being dyslexic, but I didn’t hate your comment.

      Sorry about the confusion, it’s my fault.  😉

    • #51546
      lorddicranius
      Participant

      Oh good *phew* (re: your feelings about my comment) 🙂

      @cd1zz wrote:

      There is a tool called hash_id.py in backtrack that will do exactly that.

      /pentest/passwords/hash-identifier/

      I didn’t know about this tool, thanks!

    • #51547
      caissyd
      Participant

      Ouff, I will try to read my emails twice next time!  😀

    • #51548
      dynamik
      Participant
Viewing 11 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?