Hcon Security Testing Framework (HconSTF)
HconSTF Browser:> Code Name: Prime
Types of MD5 Hashes
I have been found some md5 hash passwords in hacked sites but i don't know how they goes or which types these were. This note will tell us about md5 hashes more detail depending on different CMS, WP or Joomla or Phpmyadmin or something else.
DES(Unix)
Example: IvS7aeT4NzQPM
Used in Linux and other similar OS.
Length: 13 characters.
Description: The first two characters are the salt (random characters; in our example the salt is the string "Iv"), then there follows the actual hash.
Notes: [1] [2]
Domain Cached Credentials
Example: Admin:b474d48cdfc4974d86ef4d24904cdd91
Used for caching passwords of Windows domain.
Length: 16 bytes.
Algorithm: MD4(MD4(Unicode($pass)).Unicode(strtolower($username)))
Note: [1]
MD5(Unix)
Example: $1$12345678$XM4P3PrKBgKNnTaqG9P0T/
Used in Linux and other similar OS.
Length: 34 characters.
Description: The hash begins with the $1$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string "12345678"), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times.
Notes: [1] [2]
MD5(APR)
Example: $apr1$12345678$auQSX8Mvzt.tdBi4y6Xgj.
Used in Linux and other similar OS.
Length: 37 characters.
Description: The hash begins with the $apr1$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string "12345678"), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times.
Notes: [1] [2]
MD5(phpBB3)
Example: $H$9123456785DAERgALpsri.D9z3ht120
Used in phpBB 3.x.x.
Length: 34 characters.
Description: The hash begins with the $H$ signature, then there goes one character (most often the number '9'), then there goes the salt (8 random characters; in our example the salt is the string "12345678"), followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2048 times.
Notes: [1] [2]
MD5(Wordpress)
Example: $P$B123456780BhGFYSlUqGyE6ErKErL01
Used in Wordpress.
Length: 34 characters.
Description: The hash begins with the $P$ signature, then there goes one character (most often the number 'B'), then there goes the salt (8 random characters; in our example the salt is the string "12345678"), followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 8192 times.
Notes: [1] [2]
MySQL
Example: 606717496665bcba
Used in the old versions of MySQL.
Length: 8 bytes.
Description: The hash consists of two DWORDs, each not exceeding the value of 0x7fffffff.
MySQL5
Example: *E6CC90B878B948C35E92B003C792C46C58C4AF40
Used in the new versions of MySQL.
Length: 20 bytes.
Algorithm: SHA-1(SHA-1($pass))
Note: The hashes are to be loaded to the program without the asterisk that stands in the beginning of each hash.
RAdmin v2.x
Example: 5e32cceaafed5cc80866737dfb212d7f
Used in the application Remote Administrator v2.x.
Length: 16 bytes.
Algorithm: The password is padded with zeros to the length of 100 bytes, then that entire string is hashed with the MD5 algorithm.
MD5
Example: c4ca4238a0b923820dcc509a6f75849b
Used in phpBB v2.x, Joomla version below 1.0.13 and many other forums and CMS.
Length: 16 bytes.
Algorithm: Same as the md5() function in PHP.
md5($pass.$salt)
Example: 6f04f0d75f6870858bae14ac0b6d9f73:1234
Used in WB News, Joomla version 1.0.13 and higher.
Length: 16 bytes.
Note: [1]
md5($salt.$pass)
Example: f190ce9ac8445d249747cab7be43f7d5:12
Used in osCommerce, AEF, Gallery and other CMS.
Length: 16 bytes.
Note: [1]
md5(md5($pass))
Example: 28c8edde3d61a0411511d3b1866f0636
Used in e107, DLE, AVE, Diferior, Koobi and other CMS.
Length: 16 bytes.
md5(md5($pass).$salt)
Example: 6011527690eddca23580955c216b1fd2:wQ6
Used in vBulletin, IceBB.
Length: 16 bytes.
Notes: [1] [3] [4]
md5(md5($salt).md5($pass))
Example: 81f87275dd805aa018df8befe09fe9f8:wH6_S
Used in IPB.
Length: 16 bytes.
Notes: [1] [3]
md5(md5($salt).$pass)
Example: 816a14db44578f516cbaef25bd8d8296:1234
Used in MyBB.
Length: 16 bytes.
Note: [1]
md5($salt.$pass.$salt)
Example: a3bc9e11fddf4fef4deea11e33668eab:1234
Used in TBDev.
Length: 16 bytes.
Note: [1]
md5($salt.md5($salt.$pass))
Example: 1d715e52285e5a6b546e442792652c8a:1234
Used in DLP.
Length: 16 bytes.
Note: [1]
SHA-1
Example: 356a192b7913b04c54574d18c28d46e6395428ab
Used in many forums and CMS.
Length: 20 bytes.
Algorithm: Same as the sha1() function in PHP.
sha1(strtolower($username).$pass)
Example: Admin:6c7ca345f63f835cb353ff15bd6c5e052ec08e7a
Used in SMF.
Length: 20 bytes.
Note: [1]
sha1($salt.sha1($salt.sha1($pass)))
Example: cd37bfbf68d198d11d39a67158c0c9cddf34573b:1234
Used in Woltlab BB.
Length: 20 bytes.
Note: [1]
SHA-256(Unix)
Example: $5$12345678$jBWLgeYZbSvREnuBr5s3gp13vqiKSNK1rkTk9zYE1v0
Used in Linux and other similar OS.
Length: 55 characters.
Description: The hash begins with the $5$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string "12345678"), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the SHA-256 algorithm 5000 times.
Notes: [1] [2]
SHA-512(Unix)
Example:$6$12345678$U6Yv5E1lWn6mEESzKen42o6rbEmFNLlq6Ik9X3reMXY3doKEuxrcDohKUx0Oxf44aeTIxGEjssvtT1aKyZHjs
Used in Linux and other similar OS.
Length: 98 characters.
Description: The hash begins with the $6$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string "12345678"), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the SHA-512 algorithm 5000 times.
Notes: [1] [2]
SHA-1(Django) = sha1($salt.$pass)
Example: sha1$12345678$90fbbcf2b72b5973ae42cd3a19ab4ae8a1bd210b
12345678 is salt (in the hexadecimal format)
90fbbcf2b72b5973ae42cd3a19ab4ae8a1bd210b is SHA-1 hash.
SHA-256(Django) = SHA-256($salt.$pass)
Example:sha256$12345678$154c4c511cbb166a317c247a839e46cac6d9208af5b015e1867a84cd9a56007b
12345678 is salt (in the hexadecimal format)
154c4c511cbb166a317c247a839e46cac6d9208af5b015e1867a84cd9a56007b is SHA-256 hash.
SHA-384(Django) = SHA-384($salt.$pass)
Example:sha384$12345678$c0be393a500c7d42b1bd03a1a0a76302f7f472fc132f11ea6373659d0bd8675d04e12d8016d83001c327f0ab70843dd5
12345678 is salt (in the hexadecimal format)
c0be393a500c7d42b1bd03a1a0a76302f7f472fc132f11ea6373659d0bd8675d04e12d8016d83001c327f0ab70843dd5 is SHA-384 hash.
SHA-1(ManGOS) = sha1(strtoupper($username).':'.$pass)
SHA-1(ManGOS2) = sha1($username.':'.$pass)
-------------------------------------------------
Notes:
[1] Since the hashing requires not only a password but also a salt (or a user name), which is unique for each user, the attack speed for such hashes will decline proportionally to their count (for example, attacking 100 hashes will go 100 times slower than attacking one hash).
[2] The hash is to be loaded to the program in full, to the "Hash" column - the program will automatically extract the salt and other required data from it.
[3] The ':' character can be used as salt; however, since it is used by default for separating hash and salt in PasswordsPro, it is recommended that you use a different character for separating fields; e.g., space.
[4] Salt can contain special characters - single or double quotes, as well as backslash, which are preceded (after obtaining dumps from MySQL databases) by an additional backslash, which is to be removed manually. For example, the salt to be loaded to the program would be a'4 instead of a\'4, as well as the salts a"4 instead of a\"4 and a\4 instead of a\\4.
Symlink Tutorial: Bypass Server
Almost hacker need to know about symlink. Watch the Video Tutorial by AtomMota about Symlink. Enjoy symlinking!
Hacker Home Pro v2.1 Apk
Hacker’s Home is the 1st android app ever in the Google Play Store which
includes tons of stuffs relating Hacking Computer, Wi-Fi, Website,
Facebook, Emails with step by step tutorials and with live chat
functionality which let you stay tuned with the hackers all around the
globe.
- Computer Hacking
- WiFi Hacking
- Instant Facebook Hacks Tutorial
- Hacking Website
- Email Hacking
- Protect Yourself
- Backtrack 5 tutorials
- Windows Tricks and Hacking
- Regular updates
- Ads Free
- More Amazing Stuffs
Note: - This Application is only for education purpose and is 100% safe. This application is designed by the developer for the reference only.
This App Contains Step by step 1,730 Tutorials, Some of the list are as Follows :
- Protect Your own accounts from being hacked
- Strong your own security
- Use your android phone to gain access to facebook, youtube, twitter, amazon accounts
- Hack Websites with SQL injection and other methods
- Hack Gmail, Yahoo & Msn Accounts
- Crack Wifi WEP and WPA passwords
- Gain access to e-mail accounts
- Hack Facebook accounts
- Bypassing school security
- Speed up your internet connection on ps3, xbox, PC, or mac
- Hacking websites with SQL injection
- Hacking and cracking Wi-Fi by bypassing securities
- Speed up your internet and optimize your PC
- Setup Backtrack
- Backtrack 5 Tutorials
- Some Interesting Windows Tricks
- Password Cracking Tutorials
- How to create Viruses
- Video Tutorials
- + Many More
- Minor Bug Fixed
- More Tutorial will be add soon
- Next Update will be on 29th September
Download: Solidfiles Mirrorcreator
Ubuntu 13.04 Beginner Guide [Myanmar Version]
Author: Negative Thunder
Publisher: Ubuntu Myanmar Loco Team
File Size: 3.43 MB
Pages: 75
Table of Contents:
Introduction to Linux
Introduction to Ubuntu
Installation
The Ubuntu Desktop
Work with Ubuntu
Software Management
Networking
Customization
Best Android Hacking Tools
Hello, Bros! Here is All Toolkit Pack for Android when you are in android phone mode. Use at your own risk. Happy hacking and enjoy!
Android Network Toolkit
Nmap for Android
Subscribe to:
Posts (Atom)
0 comments:
Never Forget To Say Thanks :D