realistic 2

After getting sql file, what can I do with hash, do I need to bruteforce it to get pass?

yes, its a MD5 hash.

Huh it has pretty strong password, I am cracking it with JTR for 4hours now

JtR ????

i didnt know what did MD5!!!

perhaps use Cain ;)

Oh, 10 minutes with cain against 6hours of waiting in JTR. For which password is JTR useful than??

cant recall the name. i think its unix passwords.

they about 7 - 9 charachters long i think. Usally stored on servers etc

Doesn't JTR crack DES encryption? I forgot… All i know is that it cracks .htaccess encrypted stuff.

nights_shadow wrote: Doesn't JTR crack DES encryption? I forgot… All i know is that it cracks .htaccess encrypted stuff.

You're right JTR does DES really well. DES type encryption is the encryption that UNIX uses for it's password files.

according to the JTR docs

JTR supports (and autodetects) the following ciphertext formats: standard and double-length DES-based, BSDI's extended DES-based, FreeBSD's (and not only) MD5-based, and OpenBSD's Blowfish-based.

With just one extra command (required to extract the passwords), John can crack AFS passwords and WinNT LM hashes.

i found the directory where is backup file but i cant figure out file name….

brute force it?

Yea, you gotta brute force it. That's what I did.

the purpose of this mission is to encourage people to program a scanner.

However you can do it the easy way and type in each url.