Cracking salted MD5 hash

n37sh@rk

Jr. Member

Posts: 70

Joined: Thu Jan 24, 2013 1:07 pm

Location: Anywhere

Post Fri May 17, 2013 8:11 am

Cracking salted MD5 hash

What are the steps one would take to crack a hash that starts with $1$? With some research I have found it is a salted MD5, but when I run John the Ripper against the hash it finds nothing. I know the password for the specified hash, but I am unable to actually get John to work. Can someone explain the steps?

Thanks in advance.
C|EH,CPT
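
The $1$ prefix asked about above marks an md5crypt string laid out as $1$salt$digest. The following is an added example, not part of the original thread: it parses shadow-style entries and lists the accounts still stored as md5crypt (or malformed) so they can be moved to a stronger scheme. The policy table, function names and sample entries are assumptions constructed for illustration.

```python
import re

# Prefix -> (scheme, acceptable?). The accept/reject policy is an assumption.
SCHEMES = {"1": ("md5crypt", False), "5": ("sha256crypt", True),
           "6": ("sha512crypt", True), "2a": ("bcrypt", True),
           "2b": ("bcrypt", True), "2y": ("bcrypt", True), "y": ("yescrypt", True)}
B64 = "[./0-9A-Za-z]"
# md5crypt layout: $1$ <salt, up to 8 chars> $ <22-char digest>
MD5CRYPT = re.compile(rf"\$1\$({B64}{{0,8}})\$({B64}{{22}})")


def classify(field):
    """Return (scheme, salt, locked, ok) for one shadow password field."""
    locked = field.startswith(("!", "*"))
    body = field.lstrip("!*")
    if not body:  # "" means no password set; "!" or "*" means login disabled
        return ("locked" if locked else "empty", None, locked, locked)
    parts = body.split("$")
    if len(parts) < 4 or parts[0] or parts[1] not in SCHEMES:
        return ("unknown", None, locked, False)
    scheme, ok = SCHEMES[parts[1]]
    if scheme != "md5crypt":
        return (scheme, None, locked, ok)  # salt is only parsed for $1$
    m = MD5CRYPT.fullmatch(body)
    if not m:
        return ("malformed md5crypt", None, locked, False)
    return (scheme, m.group(1), locked, ok)


def audit(shadow_text):
    """Return [(user, scheme, salt)] for entries that need attention."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or line.startswith("#"):
            continue
        scheme, salt, _locked, ok = classify(fields[1])
        if not ok:
            findings.append((fields[0], scheme, salt))
    return findings


# Constructed shadow-style sample; the digests are placeholders, not real hashes.
SAMPLE = """\
root:$6$rounds=5000$Qw8rT1uV$CONSTRUCTED.PLACEHOLDER.DIGEST:19000:0:99999:7:::
alice:$1$Xy7.qLm2$AbCdEfGhIjKlMnOpQrStU.:15842:0:99999:7:::
svc:!$1$short$tooshort:15842:0:99999:7:::
daemon:*:15842:0:99999:7:::
"""
```

Calling audit(SAMPLE) returns the alice and svc entries; the locked daemon account and the sha512crypt root entry are not reported.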
Grendel

Full Member

Posts: 246

Joined: Thu Aug 28, 2008 8:48 am

Location: Colorado Springs, CO

Post Fri May 17, 2013 10:35 am

Re: Cracking salted MD5 hash

Can you provide the whole hash string and command you used?

Also, I have a video at the bottom of this page on JtR:

http://hackingdojo.com/pentest-media/
Last edited by Grendel on Fri May 17, 2013 10:38 am, edited 1 time in total.
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM

Web Site:
  • http://HackingDojo.com
Author:
  • Professional Penetration Testing
  • Ninja Hacking
  • Penetration Tester's Open Source Toolkit
  • Metasploit Toolkit for Penetration Testing
  • Netcat Power Tools
n37sh@rk

Jr. Member

Posts: 70

Joined: Thu Jan 24, 2013 1:07 pm

Location: Anywhere

Post Fri May 17, 2013 10:42 am

Re: Cracking salted MD5 hash

I'd rather not have customer data online. But the command I am using is john --wordlist=english.txt /root/(file name). From my understanding that should give me everything in the English dictionary. Now it did crack 3 passwords that are in the same file. I did notice none of them have numbers in them. Does john by default use numbers with a brute force attack? Or should I download a word list that includes numbers? If so, do you have any recommendations on a word list?
C|EH,CPT
ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Fri May 17, 2013 11:01 am

Re: Cracking salted MD5 hash

Try the "--rules" option in John. That will mangle the words in your dictionary with some default rules in your john.conf file. There are also some very useful rule sets released by Kore Logic a few years back. You can find them here:

http://contest-2010.korelogic.com/rules.html


I use a "for loop" to go through and use all those rules similar to this:

Code:
for rules in $(grep KoreLogicRules /etc/john/john.conf | cut -f2 -d: | cut -d']' -f1); do
    john --session=kore --format=<format> --wordlist=<wordlist> --rules="$rules" <hashfile>
done


Obviously, you'll need to insert the proper fields into your command, but you get the idea.

Hope that helps!
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
n37sh@rk

Jr. Member

Posts: 70

Joined: Thu Jan 24, 2013 1:07 pm

Location: Anywhere

Post Fri May 17, 2013 2:12 pm

Re: Cracking salted MD5 hash

HA I got it! With a little research and help from the rockyou.txt wordlist I was able to crack it! Come to find out the password had numbers in it while the others were standard words! This is why I love this field lol

Thanks for your replies!
C|EH,CPT
