Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Aug 2011 08:42:41 -0400
From: Chao Mu <chao.mu@...orcrash.com>
To: john-users@...ts.openwall.com
Subject: Re: Vbulletin hashes with more than 3 chars salt

My memory may be wrong, but try md5-gen(7) and specify a delimiter that is
not in the salt.
On Aug 16, 2011 8:24 AM, "firstname lastname" <psykosonik_frequenz@...oo.com>
wrote:
> Hi All,
>
> I want to know if there's a possibility to crack VBulletin hashes with
more than 3 char salt.
>
> I can use JTR to successfully crack VB hashes with a 3 char salt.
>
> From what I know, md5_gen(6) doesn't check for the salt length while
cracking. However, it doesn't work with salt lengths greater than 3 either.
>
> Some example hashes:
>
> 671347ef2477b0de65b7d3090b74271f:m;O`bs]j+tl~U4+$j+Gto=YK=*g-:d
> d726d8405f5e38a6452aff9e7378b4d6:>b&y/g6WDVdb:vqD[NKY7v.+&o<6#
> 83d1994655d58be430bfa96b1e816284:enp)t1yev,ly=R"7\>X<;0*.5+#p$j
> a75604023723df61b7288380eeb9e9c4:#1:RWakb|;8!eWMqhh@...m4[UtE_E
> 4967093e7eb764f8652512624cf40935:@n6)`#;AVg/!^s?w_[}*Lf?")Yl?^_
> ad05d8e1ae087239b366e76834f93dd9:|:yoL3L%CM@%"bb.K(7rE~>0d(4Xy%
> 6e36748b726aa206c3d28b8213a45f39:Fp{~P3;3d4.\u(x0jiI)cl#Gr7uo,Z
> e89d6004a9633802b1a55117aee866cc:*XK4@...vuP-x29y)1emOa:QpO*"bv
>
> I have the cracked hashes' passwords. So, I put those plain texts in a
file and used it as a wordlist to see if JTR can crack them using
md5_gen(6).
>
> It didn't work!
>
> Is there a patch which has been developed for these kind of VB hashes or
is it being developed?
>
> Thanks.
>
> Regards,
> NeonFlash

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.