Penetration Testing mailing list archives
Re: get MD5-Hash from /etc/shadow file
From: "Morgan Reed" <morgan.s.reed () gmail com>
Date: Sat, 12 Apr 2008 22:41:50 +1000
On Fri, Apr 11, 2008 at 7:53 AM, markus sesser <security () sesser eu> wrote:
is it possible to get the md5 hash of shadow password? root:$1$GXJzVR5J$vS4wC7AW6hV8TvLu6Dtxt.:13979:0::::: i'm looking not for a tool like john, crack, ... i want to have a step by step instruction to get the md5 hash.
That is the MD5 hash; $1 - denotes MD5 $GXJzVR5J - 8 character salt $vS4wC7AW6hV8TvLu6Dtxt. - actual hash The $ symbols are field delimiters. The hash would have been generated by something similar to crypt("test", "$1$GXJzVR5J") look at 'man 3 crypt' for further details. I assume you want to learn how to crack the password? The only ways you can find the password from the hash are by rainbow tables or direct brute force, in this case given the 8 character salt the only real option is brute force, i.e. hash every possibility and compare the hash to this one; e.g. Pseudo code hash("a", "$1$GXJzVR5J") compare hash hash("b", "$1$GXJzVR5J") compare hash ... hash("aa", "$1$GXJzVR5J") compare hash hash("ab", "$1$GXJzVR5J") compare hash ... And so on. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: Pen testing techniques, (continued)
- Re: Pen testing techniques Erik Harrison (Apr 11)
- Re: Pen testing techniques Joey Peloquin (Apr 11)
- Re: Pen testing techniques vtlists (Apr 11)
- Re: Pen testing techniques v3nd3rs5uck (Apr 11)
- RE: Pen testing techniques Jason (Apr 12)
- Re: Pen testing techniques Nathan Sportsman (Apr 12)
- Re: Pen testing techniques intel96 (Apr 09)
- get MD5-Hash from /etc/shadow file markus sesser (Apr 11)
- Re: get MD5-Hash from /etc/shadow file Razi Shaban (Apr 12)
- Re: get MD5-Hash from /etc/shadow file Larry Offley (Apr 12)
- Re: get MD5-Hash from /etc/shadow file Morgan Reed (Apr 12)
- Re: get MD5-Hash from /etc/shadow file Peter Kosinar (Apr 14)
- Re: Pen testing techniques Rafael Nuñez (Apr 11)
- Re: Pen testing techniques v3nd3rs5uck (Apr 11)
- Re: Pen testing techniques Tommy May (Apr 09)