.

MD5 with salt encryption

<<

xorf

Newbie
Newbie

Posts: 4

Joined: Sat Oct 13, 2007 5:14 am

Post Sat Oct 13, 2007 5:22 am

MD5 with salt encryption

I currently run a VBulletin community forum.

I only started to use cain, but it will not decrypt any of the MD5 hashes, even a very simple 5 dictionary character that i purposely added as a test.

is it because vbulletin uses salt along with the MD5?
<<

morpheus063

User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Sat Oct 13, 2007 8:25 am

Re: MD5 with salt encryption

Hi Xorf,

I think that is the reason why you are unable to decrypt any of the MD5 hashes. vBulletin passwords are stored in the following format:

  Code:
$password_hash = md5(md5($password_text) . $user_salt);


Note - $user_salt is a random three character string stored in the user table as 'salt'.
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

xorf

Newbie
Newbie

Posts: 4

Joined: Sat Oct 13, 2007 5:14 am

Post Sat Oct 13, 2007 8:39 am

Re: MD5 with salt encryption

Hey Morpheus,

Ya i noticed the string within the table. a combination of a-z A-Z 0-9 and a symbol

is there a way to decrypt the MD5 hash even if it is further encrypted with slat?
<<

heffnercj

EH-Net Columnist
EH-Net Columnist

Posts: 69

Joined: Thu Mar 15, 2007 2:45 pm

Post Sat Oct 13, 2007 7:17 pm

Re: MD5 with salt encryption

Yahoo mail used to use the exact same method to hash their passwords. Google for a program called Ycrack (dictionary attack tool), it should work for your situation - just substitute your $user_salt string for the challenge string that Yahoo used.

P.S. - If you want to speed up Ycrack, delete the line
  Code:
printf("Trying:%s\n",string);

before compiling it.

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software