Password Cracking [trick aka saywhat?

==================================================
Passwords are usually stored in a database. When a person tries to log in to a website, the password typed into the password box is checked against the password in the database; if it doesn't match, you can't log in. The passwords in the database are encrypted (stored as a hash) unless the website has a weak login system, in which case they will be in plaintext.

Plaintext passwords are passwords that don't need cracking; they are in a clear, readable format like this: Username: trick Password: lol321

Encrypted passwords are masked passwords that usually look like a long code; this makes them harder to crack and unreadable to the human eye.
==================================================
Now that you know what passwords are and how they work, I will show you how to crack them.

First of all you need access to the database of the site or some sort of access where you can see the password hash.

Once you have the hash, you need to identify what type of hash it is. Here is a table that will help you work out which hash you have:

------------------------------------------------------------------------------------
| Title | Hash Algorithm | Prefix | Table |
------------------------------------------------------------------------------------
| Beehive | md5($pass) | none | USER |
| Intellect Board | md5($pass) | none | User |
| IPB 1.x.x | md5($pass) | ibf_ | members |
| IPB 2.x.x | md5(md5($salt).md5($pass)) | ibf_ | members_converge |
| ITA Forum | md5($pass) | itaf_ | user |
| MercuryBoard | md5($pass) | mb_ | users |
| MiniBB | md5($pass) | minibbtable_ | users |
| myBB 1.2.x | md5(md5($salt).md5($pass)) | mybb_ | users |
| PBLang | md5($pass) | hash for each user is stored in the file /db/members/[username] |
| phpBB | md5($pass) | phpbb_ | users |
| phpBB > 3.0.0 RC5 | md5(phpbb3) | phpbb_ | users |
| PhpMyForum | md5($pass) | pmf_ | user |
| PunBB 1.2.x | SHA-1 | none | users |
| SMF 1.0.x | md5(HMAC) | smf_ | members |
| SMF 1.1.x | sha1($username.$pass) | smf_ | members |
| Snitz forums 2000 | SHA-256 | FORUM_ | MEMBERS |
| QuickSilver Forum | md5($pass) | qsf_ | users |
| UseBB | md5($pass) | usebb_ | members |
| Vanilla | md5($pass) | LUM_ | User |
| VBulletin | md5(md5($pass).$salt) | none | user |
| VikingBoard | md5($pass) | vboard_ | member |
| W-Agora | md5($pass) | [name]_ | users |
| WWWThreads | DES(unix) | w3t_ | users |
| XMB Forum | md5($pass) | none | members |
| YaBB | md5(HMAC) | yabbse_ | members |
------------------------------------------------------------------------------------


CMS / Billing Systems
------------------------------------------------------------------------------------
| Title | Hash Algorithm | Prefix | Table |
------------------------------------------------------------------------------------
| AboCMS | md5($pass) | none | users |
| Bitrix | md5($pass) | could not be verified |
| DaneoCMS | md5($pass) | dn[version]_ | users |
| DataLife Engine | md5(md5($pass)) | dle_ | users |
| e107 | md5(md5($pass)) | e107_ | user |
| Joomla | md5($pass) | jos_ | users |
| Joomla >=1.0.13 | md5($pass.$salt) | jos_ | users |
| Koobi CMS | md5($pass) | koobi_ | user |
| Koobi CMS >= 6 | md5(md5($pass)) | koobi_ | user |
| osCommerce | md5($salt.$pass) | none | customers |
| PHP-Nuke | md5($pass) | nuke_ | authors |
| RunCMS | sha1($username.$pass) | runcms_ | users |
| Slaed CMS | md5($pass) | slaed_ | users |
| Wordpress | md5($pass) | wp_ | users |
| Wordpress >= 2.5 | md5(phpbb3) | wp_ | users |
| XOOPS | md5($pass) | xoops_ | users |
------------------------------------------------------------------------------------
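
Seen from the side of whoever runs one of these databases, most rows in the tables are a single fast MD5 or SHA-1 call, often with no per-user salt. The following is an added example, not part of the original tutorial or of any listed product: it verifies a login against four of the listed legacy formats and, on success, re-stores the password with a per-user random salt and scrypt. The record layout and the names `verify_and_upgrade` and `demo` are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Legacy schemes from the tables above (PHP md5()/sha1() return hex strings).
# Arguments: password, salt, username, all as bytes.
LEGACY = {
    "md5($pass)": lambda p, s, u: hashlib.md5(p).hexdigest(),
    "md5(md5($pass))": lambda p, s, u: hashlib.md5(
        hashlib.md5(p).hexdigest().encode()).hexdigest(),
    "md5(md5($pass).$salt)": lambda p, s, u: hashlib.md5(
        hashlib.md5(p).hexdigest().encode() + s).hexdigest(),
    "sha1($username.$pass)": lambda p, s, u: hashlib.sha1(u + p).hexdigest(),
}

def scrypt_hash(password: bytes, salt: bytes) -> str:
    # Memory-hard KDF: each guess needs about 16 MiB of memory.
    return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=32).hex()

def verify_and_upgrade(record: dict, username: str, password: str) -> bool:
    """Check a login; on success, replace a legacy hash with scrypt in place."""
    p, u = password.encode(), username.encode()
    if record["scheme"] == "scrypt":
        return hmac.compare_digest(scrypt_hash(p, record["salt"]), record["hash"])
    expected = LEGACY[record["scheme"]](p, record["salt"], u)
    if not hmac.compare_digest(expected, record["hash"]):
        return False
    salt = os.urandom(16)  # fresh random salt per user
    record.update(scheme="scrypt", salt=salt, hash=scrypt_hash(p, salt))
    return True

def demo() -> dict:
    # Constructed sample accounts: two users who chose the same password.
    pw = "Sample-Passw0rd"
    users = {name: {"scheme": "md5($pass)", "salt": b"",
                    "hash": hashlib.md5(pw.encode()).hexdigest()}
             for name in ("alice", "bob")}
    same_before = users["alice"]["hash"] == users["bob"]["hash"]
    logins_ok = all(verify_and_upgrade(r, n, pw) for n, r in users.items())
    same_after = users["alice"]["hash"] == users["bob"]["hash"]
    wrong_ok = verify_and_upgrade(users["alice"], "alice", "wrong-guess")
    return {"same_before": same_before, "logins_ok": logins_ok,
            "same_after": same_after, "wrong_ok": wrong_ok}

if __name__ == "__main__":
    print(demo())
```

With md5($pass) the two accounts store the same value, so one recovered password exposes both; after the upgrade each record has its own salt and the stored values differ.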

The hash I have is from an SMF 1.1.6 forum, so it will be a salted SHA-1 hash.
This is how my hash looks:

2db927d206060c7e591a4cb2db5e7e73a21511ba d5d2

This is my SHA-1 hash: 2db927d206060c7e591a4cb2db5e7e73a21511ba
And this is my salt: d5d2
And because it's from an SMF forum, I will need the username too. Username: smartz993

Now that we have the password hash, we need to crack it. To do so I will use a program called Password Pro, which can be downloaded from http://p0ison.org/forum/showthread.php?p=325#post325

Open the program and click the ADD HASH button (9th button).
Make sure you fill this section in properly:
add the hash, the salt, the type of hash, and the username if needed, then click Add.

Now we must choose what type of attack we are going to use to crack the password (read this list and choose the type of attack you think is suitable).


Preliminary Attack

This type of attack is the quick check of user hashes for a match to simple passwords like – "123", "qwerty", "99999", etc. as well as to passwords found earlier and stored in the "PasswordsPro.dic" file.

Brute Force Attack

This type of attack is the total check of all possible password values.

Brute force attack also includes the distributed attack. This type of attack allows using multiple computers for the recovery of passwords, distributing the recovery calculation load among them. It starts automatically when the user specifies more than one computer for the attack. At the same time, the range selection feature becomes available for the current computer. So, to start a distributed attack, you'd have to:

1. Run this program on several computers.
2. Choose how many computers are to facilitate the attack.
3. Set the same attack options on all computers that are to facilitate the attack.
4. Choose an individual passwords attack range for each of the computers.
5. Launch brute force attack on all computers.

Mask Attack

This type of password attack is used when the user possesses partial information about the lost password. For example:
– The password begins with the "12345" character combination;
– The first 4 characters of the password are numbers, the others are Latin letters;
– And so on.

For that purpose, define the mask for every character of the password to be recovered in the mask attack settings. Symbolic notations of standard or custom character sets – ?u, ?d, ?2, etc. – are used as mask characters (see the Character sets tab in program options).

Simple Dictionary Attack

This type of attack is the attempt to find the hash match in text files – dictionaries.

Combined Dictionary Attack

This type of attack includes the validation of passwords made of several words taken from different dictionaries. This attack makes it possible to recover complex passwords like "superadmin", "admin*admin", etc.

Hybrid Dictionary Attack

This type of attack allows changing passwords from the dictionaries (for example, shifting the password to upper case, appending '1' to the end of the password, etc.) and validating them as user passwords. The actions performed on the source passwords are the so-called "rules"; the full list of these rules can be found in the "Rules.txt" file in the software installation archive.
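
The preliminary, dictionary, combined and hybrid attacks described above all succeed for the same reason: the password is a listed word or a predictable transformation of one. The following is an added example, not part of the original tutorial or of PasswordsPro: a check that can run when a user sets a password and rejects choices those attack classes would find. The denylist is a constructed sample and the function names are assumptions.

```python
import re

# Constructed sample denylist using the page's own examples plus a few more;
# a real deployment would load a large list of known-compromised passwords.
COMMON = {"123", "qwerty", "99999", "admin", "super", "password", "letmein"}
# Undo common character substitutions (0->o, 1->l, 3->e, 4->a, 5->s, 7->t, ...).
LEET = str.maketrans("013457@$!", "oleastasi")

def variants(password: str) -> set:
    """Reverse typical hybrid rules: case shift, appended digits/symbols, leet."""
    low = password.lower()
    stripped = re.sub(r"[\d\W_]+$", "", low)
    return {low, stripped, low.translate(LEET), stripped.translate(LEET)}

def is_combined(low: str) -> bool:
    """True if the password is two denylisted words, optionally with a separator."""
    for i in range(1, len(low)):
        left, right = low[:i], re.sub(r"^[\W_]+", "", low[i:])
        if left in COMMON and right in COMMON:
            return True
    return False

def screen(password: str):
    """Return the attack class that would find this password, or None."""
    if password in COMMON:
        return "dictionary"
    if variants(password) & COMMON:
        return "hybrid"
    if is_combined(password.lower()):
        return "combined"
    return None

if __name__ == "__main__":
    for candidate in ("qwerty", "Qwerty1", "P@ssw0rd1", "admin*admin",
                      "superadmin", "correct-horse-battery-staple"):
        print(f"{candidate!r}: {screen(candidate) or 'not on the denylist'}")
```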

Rainbow Attack

This type of attack uses the Rainbow technology (http://project-rainbowcrack.com/) for creating pre-calculated tables.

Once you know what type of attack to use, click AUDIT and select the type of attack that suits you, then click Start Attack.

Wait until a pop-up Box comes up and says ALL PASSWORDS FOUND!
(this can take from a few minutes to a few days)
