Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

realistic 2

  1. Home
  2. Forum
  3. Realistic
  4. realistic 2

ghost's Avatar

ghost

0 0

After getting sql file, what can I do with hash, do I need to bruteforce it to get pass?


Mr_Cheese's Avatar

Mr_Cheese

0 1

yes, its a MD5 hash.


ghost's Avatar

ghost

0 0

Huh it has pretty strong password, I am cracking it with JTR for 4hours now


Mr_Cheese's Avatar

Mr_Cheese

0 1

JtR ????

i didnt know what did MD5!!!

perhaps use Cain ;)


ghost's Avatar

ghost

0 0

Oh, 10 minutes with cain against 6hours of waiting in JTR. For which password is JTR useful than??


Mr_Cheese's Avatar

Mr_Cheese

0 1

cant recall the name. i think its unix passwords.

they about 7 - 9 charachters long i think. Usally stored on servers etc


ghost's Avatar

ghost

0 0

Doesn't JTR crack DES encryption? I forgot… All i know is that it cracks .htaccess encrypted stuff.


ghost's Avatar

ghost

0 0

nights_shadow wrote: Doesn't JTR crack DES encryption? I forgot… All i know is that it cracks .htaccess encrypted stuff.

You're right JTR does DES really well. DES type encryption is the encryption that UNIX uses for it's password files.

according to the JTR docs

JTR supports (and autodetects) the following ciphertext formats: standard and double-length DES-based, BSDI's extended DES-based, FreeBSD's (and not only) MD5-based, and OpenBSD's Blowfish-based.

With just one extra command (required to extract the passwords), John can crack AFS passwords and WinNT LM hashes.


ghost's Avatar

ghost

0 0

i found the directory where is backup file but i cant figure out file name….

brute force it?


ghost's Avatar

ghost

0 0

Yea, you gotta brute force it. That's what I did.


Mr_Cheese's Avatar

Mr_Cheese

0 1

the purpose of this mission is to encourage people to program a scanner.

However you can do it the easy way and type in each url.