SlideShare a Scribd company logo

Cracking Salted Hashes

n|u - The Open Security Community
n|u - The Open Security Community

The document discusses various methods of cracking salted password hashes, including determining the hashing algorithm used based on hash length, brute forcing hashes when the salt is known, and exploiting situations where the salt is constant rather than random to facilitate cracking multiple hashes. It provides examples of insecure password hashing implementations and advises using unique random salts with each hashed password for proper security.

1 of 14
Download to read offline
Garage 4 Hackers http://www.garage4hackers.com Cracking Salted Hashes Web Application Security: - The Do’s and Don’ts of “Salt Cryptography” Overview: Data Base security has become more critical as Databases have become more open. And Encryption which is one among the five basic factors of data base security. It’s an insecure practice to keep your sensitive data like Password, Credit Card no etc unencrypted in you database. And this paper will cover the various Cryptography options available and do and don’ts of them. Even if you have encrypted your data that doesn’t mean that your data’s are fully secured, and this paper will be covered in an Attacker perspective. Slat Cryptography. http://en.wikipedia.org/wiki/Salt_(cryptography) Assume a user’s hashed password is stolen and he is known to use one of 200,000 English words as his password. The system uses a 32-bit salt. The salted key is now the original password appended to this random 32-bit salt. Because of this salt, the attacker’s pre-calculated hashes are of no value (Rainbow table fails). He must calculate the hash of each word with each of 232 (4,294,967,296) possible salts appended until a match is found. The total number of possible inputs can be obtained by multiplying the number of words in the dictionary with the number of possible salts: 2^{32} times 200 000 = 8.58993459 times 10^{14} To complete a brute-force attack, the attacker must now compute almost 900 trillion hashes, instead of only 200,000. Even though the password itself is known to be simple, the secret salt makes breaking the password increasingly difficult. Well and salt is supposed to be secret, to be simple if the attacker knows what salt is used then we would be back again to step one. So below listed are few possible ways you could use to crack salted hashes. FB1H2S http://www.fb1h2s.com Page 1
Garage 4 Hackers http://www.garage4hackers.com Application that doesn’t use cryptography hashes: While auditing a web application I came across this piece of program. It used java script to encrypt the user password before sending. And a salt too was used, and the salt used was the current Session ID. onclick="javascript:document.frm.id.value='user'; document.frm.passwd.value='value'; this.form.passwd.value=(hex_md5('CC6AB28BA9FAD121184B09E00F1DD6E7'+this.form.passwd.value)); this.form.submit(); Where “CC6AB28BA9FAD121184B09E00F1DD6E7”. So In the Back End program: There would be no way for the back end program to verify the password value, as the salt is used and is the random session id. And as MD5 function are non reversible hash function, the password cannot be verified unless and until the passwords are saved as clear text in the Data Base. The salt used to encrypt the password before sending were the random generated session ids. That means that the back end databases are no way encrypted. Some time these kinds of coding gives away a lot of information. Point NO 1: Always encrypt and save your passwords database. Slated Hashes. I recently came across a huge Data Base of a well known !@#$$il[Encrypted] ☺, the Database contained Email-Ids and there alternate passwords, but unfortunately the passwords were encrypted and was in hashed format, “Good Practice”. So the following paper would be in respect to how I cracked those hashes. Cracking The Hashes: The few possible way to crack hashed passwords are: 1) The algorithm used for hashing should have some flaws and hashes should be reversible 2) Or that you will have to Brute force the hashes with a wordlist of Dictionary or Rainbow tables. 3) Or simply if you have UPDATE Privileges on that Data Base Update it with a know password’s hash value. For all of these attacks to work you need to know what algorithm the hashes are computed on. FB1H2S http://www.fb1h2s.com Page 2
Garage 4 Hackers http://www.garage4hackers.com So what is that you could do to figure out the Hashing Algorithm used?? Answer: All algorithms generate a fixed length hash value, so based on the Output you could estimate what algorithm was used☺. “Well all these things are pretty know facts “, but Still am putting it here. For this am putting here a small Cheat sheet for figuring out the Hash functions based on the output. Language: PHP ASP JAVA Algorithm: Function: md5(“input”); Function: Function:java.secur Hash(“input”); System.Security.Cryptogr ity.MessageDigest aphy MD5 Output: 32 Char Output: 32 Char Output: 32 Char Ex: Ex: “5f4dcc3b5aa765d61d8327d “5f4dcc3b5aa765d61d8327d Ex: eb882cf99” eb882cf99” “5f4dcc3b5aa765d61d 8327deb882cf99” Function: Crypt() ““ ““ Salt+Crypto By default its DES Output: 13 Char Ex: “sih2hDu1acVcA” And lot others: Original Source: http://www.insidepro.com/eng/passwordspro.shtml FB1H2S http://www.fb1h2s.com Page 3
Garage 4 Hackers http://www.garage4hackers.com FB1H2S http://www.fb1h2s.com Page 4
Garage 4 Hackers http://www.garage4hackers.com FB1H2S http://www.fb1h2s.com Page 5
Garage 4 Hackers http://www.garage4hackers.com Well hope this reference table might be of help for you some time. And out these the hashes I had to crack where “13 Chars” hashes. So it was obvious form my table that It was based on Php Crypt function. A simple walk through of of the Php crypt function: 1) It’s is a hash algorithm which takes in a “String” and a “salt” and encrypts the hashes. 2) And by default it uses “DES” to encrypt hashes. FB1H2S http://www.fb1h2s.com Page 6
Garage 4 Hackers http://www.garage4hackers.com Consider the Ex: <?php $password = crypt('password'); ?> Hashes: laAsfestWEiq1 Here password hashes generated would be on basis of a random 2 digit salt. Or we could provide our on salt. <?php $password = crypt('password',’salt’); ?> Hashes: sih2hDu1acVcA And the comparison password verification code would be as follows: if (crypt($user_password, $password) == $password) { echo "Correct Password"; } ?> In either of the cases the salt is appended with the Hashes, property of DES. Well as I mentioned above the security of salt cryptography is on the fact that the salt is unknown to the cracker. But here it’s not. Well with this basic piece of Information, it was easy to crack hashes that I had in my hands☺. And all the hashes were cracked easily, all I have to do was load a common passwords dictionary and add it with the constant salt, and get my work done. FB1H2S http://www.fb1h2s.com Page 7
Garage 4 Hackers http://www.garage4hackers.com Consider the given Hash/salt programs with the following cases. Salt/Hash algorithm with Constant Salt: $password = $password_input; //user input $salt = "salted"; $password = md5($salt.$password); //saved in db md5(saltedpassword) Hashes: 1423de37c0c1b63c3687f8f1651ce1bf Salt: salted In this program a constant salt is used therefore the salt is not saved in the database. So our dumped hashes won’t be having the salt value. For verifying such algorithms we need to try the following things. 1) Try to create a new user using the target application. 2) Dump the data again and verify what algorithm is used using the above mentioned methods. 3) Consider the new password added was “password” md5(‘password’)== “5f4dcc3b5aa765d61d8327deb882cf99”, instead if the updated value was “1423de37c0c1b63c3687f8f1651ce1bf” that says a salt is used and is a constant one as it don’t seem to be added with the final hashes. Cracking the salt: Now for breaking this, the only thing you could do is a bruteforce the hashes for figuring out what the salt is, for ex: And once we know the salt append it with every password we check and crack it. We know : Md5(‘password’)== “5f4dcc3b5aa765d61d8327deb882cf99” Now question is Md5(‘password’ + “????WHAT????”) === “1423de37c0c1b63c3687f8f1651ce1bf” FB1H2S http://www.fb1h2s.com Page 8
Garage 4 Hackers http://www.garage4hackers.com Note: Never use a constant salt for all hashes: “If same constant salt is used for all hashes then it would be easy to crack all hashes” So Point NO 2: If your PHP application is storing Sensitive values and you want to encrypt and store its salted hashes then Crypt() function is not the right option nor depending on any constant salt functions is the right choice. Salt/Hash algorithm with Random Salt: If random salt is used for each hash, which is necessary for application whose source is publicly available, then it would be necessary to store the salt along with the hashes. That gives it a –ve point because it’s possible to extract the salt for the hashes. But + point is, that cracker need to build hash tables with each salt for cracking each hash. This makes it hard to crack multiple hashes at a time. But still possible to crack the selected hashes, consider the admin one. Consider the example: $password = $rand(5); //user input $salt = "salted"; $password = md5($salt.$password); //saved in db md5(saltedpassword) Hashes: 6f04f0d75f6870858bae14ac0b6d9f73:14357 (Hash:Salt) Salt: 14357 We could extract the salt, but as different hash will be having a different salt, it’s impossible to crack all hashes at a stretch. But it would be back again dependent on how good the passwords are. At similar situations a Dictionary attack on the hashes would be the only possibility. Or else we need a better Cracking program, which provides distributed cracking process. Rainbow tables rocks not because it has got all possible values hashes, but because “Searching” algorithm is faster. FB1H2S http://www.fb1h2s.com Page 9
Garage 4 Hackers http://www.garage4hackers.com Consider. Rainbow tables check searching [Fast] Brute Force Read a value Append salt Compute hashes Compare [slow] This property makes the attack slow even if we know the salt. So such situation a better and free Cracking [Distributed Cracking System would be necessary] Idea for One such Distributed Cracking System would be as follows Tool: One such tools documentation would be. The whole Idea of such a system comes from the concept of torrents, where if you want something you have to share something. Here if you want to crack something you will have to share your processing speed. Architecture Of the tool should be: Note: Sorry for the poor Image FB1H2S http://www.fb1h2s.com Page 10
Garage 4 Hackers http://www.garage4hackers.com 1) You download the Cracker tool Client 2) You have an admin hash to crack that of wordpress, you add the hash along with salt to cracker Client. 3) Cracker client sends the hash to Crack server. 4) Crack server accepts you as part of the distributed cracking Network. 5) Crack server updates you with the new set of hashes, algorithm, and permutations you have to carry out. 6) Logic is when someone is doing work for you, will have to work for them too. 7) There by your work will be carried out by many different computers. How this speeds your cracking. 1) Your computer when in the network is assigned to generate wordlist , consider the key space for a 9 char alphanumeric password is 101559787037052 and your computer will have to generate 101559787037052/N , where “N” is the total no of cracker clients in the NW. FB1H2S http://www.fb1h2s.com Page 11
Garage 4 Hackers http://www.garage4hackers.com 2) You computer will have to pass each word generated through multiple algorithms your assigned with on your multithreaded Cracker Client. 3) Once a client cracks a password it updates it to the Cracker server, and cracker server passes it to the user who requested the information. 4) So if you have 350 cracker clients working together then every body’s work will be done in a day or two. Finding an unknown Hash Algorithm: Consider the case with such an algorithm • Consider a situation where the hashes are multiple encrypted with different hash algorithms, for example: <?php $password = sha1('password'); // de4he6la fe4oe6late4he6lade4he6lade4he6la $final_password= md5($password) Final Password Hashes: 1423de37c0c1b63c3687f8f1651ce1bf • In such kind of situations, Hashes may looks like Md5 but it’s actually the md5 of sh1 hashes. • So in such kind of situation were multiple hashing algorithm is used and algorithm is unknown, and it would be really hard to find what the hashes are. Now you need an algorithm brute force for predicting the back end algorithm. FB1H2S http://www.fb1h2s.com Page 12
Garage 4 Hackers http://www.garage4hackers.com Algorithm_Bruter • So I came up with this script, which takes in a known “password” and it’s “hashes” and then moves it through many different commonly used hash algorithms and tries to find a match, predicting what algorithm it used in the back end. • For script need to be provided with a Plain Text Value and its alternate Hashes and as output you will get the algorithm used. • You could check out the script here. • http://www.fb1h2s.com/algorithmbruter.php • This could be used in above mentioned situations. Algorithm_Bruter.php I am going through different Programming forums and taking out different, forms of multiple hashing; programmers are using and, will update it on this script. So you could find what algorithm was used. FB1H2S http://www.fb1h2s.com Page 13
Garage 4 Hackers http://www.garage4hackers.com Hope this paper was of some help for you in dealing with salted hashes. And all greets to Garage Hackers Members. http://www.garage4hackers.com And shouts to all ICW, Andhra Hackers members http://www.andhrahackers.com/ and my Brothers:- B0Nd,Eberly,Wipu,beenu,w4ri0r,empty,neo,Rohith,Sids786,SmartKD,Tia,hg- h@xor,r5scal,Yash,Secure_IT, Atul, Vinnu and all others. This paper was written for Null meet 21/08/ By FB1H2S www.fb1h2s.com FB1H2S http://www.fb1h2s.com Page 14

Recommended

Salt Cryptography & Cracking Salted Hashes by fb1h2s
Salt Cryptography & Cracking Salted Hashes by fb1h2sSalt Cryptography & Cracking Salted Hashes by fb1h2s
Salt Cryptography & Cracking Salted Hashes by fb1h2s
n|u - The Open Security Community
 
Encryption: It's For More Than Just Passwords
Encryption: It's For More Than Just PasswordsEncryption: It's For More Than Just Passwords
Encryption: It's For More Than Just Passwords
John Congdon
 
Hashing Considerations In Web Applications
Hashing Considerations In Web ApplicationsHashing Considerations In Web Applications
Hashing Considerations In Web Applications
Islam Heggo
 
We-built-a-honeypot-and-p4wned-ransomware-developers-too
We-built-a-honeypot-and-p4wned-ransomware-developers-tooWe-built-a-honeypot-and-p4wned-ransomware-developers-too
We-built-a-honeypot-and-p4wned-ransomware-developers-too
Christiaan Beek
 
3. javascript bangla tutorials
3. javascript bangla tutorials3. javascript bangla tutorials
3. javascript bangla tutorials
SEOPROFFESSIONALDIGI
 
PDX Tech Meetup - The changing landscape of passwords
PDX Tech Meetup - The changing landscape of passwordsPDX Tech Meetup - The changing landscape of passwords
PDX Tech Meetup - The changing landscape of passwords
Ryan Smith
 
Wsomdp
WsomdpWsomdp
Wsomdp
riahialae
 
Icsoc14.ppt
Icsoc14.pptIcsoc14.ppt
Icsoc14.ppt
Yann-Gaël Guéhéneuc
 

Recommended

Salt Cryptography & Cracking Salted Hashes by fb1h2s
Salt Cryptography & Cracking Salted Hashes by fb1h2sSalt Cryptography & Cracking Salted Hashes by fb1h2s
Salt Cryptography & Cracking Salted Hashes by fb1h2s
n|u - The Open Security Community
 
Encryption: It's For More Than Just Passwords
Encryption: It's For More Than Just PasswordsEncryption: It's For More Than Just Passwords
Encryption: It's For More Than Just Passwords
John Congdon
 
Hashing Considerations In Web Applications
Hashing Considerations In Web ApplicationsHashing Considerations In Web Applications
Hashing Considerations In Web Applications
Islam Heggo
 
We-built-a-honeypot-and-p4wned-ransomware-developers-too
We-built-a-honeypot-and-p4wned-ransomware-developers-tooWe-built-a-honeypot-and-p4wned-ransomware-developers-too
We-built-a-honeypot-and-p4wned-ransomware-developers-too
Christiaan Beek
 
3. javascript bangla tutorials
3. javascript bangla tutorials3. javascript bangla tutorials
3. javascript bangla tutorials
SEOPROFFESSIONALDIGI
 
PDX Tech Meetup - The changing landscape of passwords
PDX Tech Meetup - The changing landscape of passwordsPDX Tech Meetup - The changing landscape of passwords
PDX Tech Meetup - The changing landscape of passwords
Ryan Smith
 
Wsomdp
WsomdpWsomdp
Wsomdp
riahialae
 
Icsoc14.ppt
Icsoc14.pptIcsoc14.ppt
Icsoc14.ppt
Yann-Gaël Guéhéneuc
 
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...
festival ICT 2016
 
Logstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeLogstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtime
Andrea Cardinale
 
Diagnostics & Debugging webinar
Diagnostics & Debugging webinarDiagnostics & Debugging webinar
Diagnostics & Debugging webinar
MongoDB
 
Codified PostgreSQL Schema
Codified PostgreSQL SchemaCodified PostgreSQL Schema
Codified PostgreSQL Schema
Sean Chittenden
 
Diagnostics and Debugging
Diagnostics and DebuggingDiagnostics and Debugging
Diagnostics and Debugging
MongoDB
 
WSO2Con USA 2015: Securing your APIs: Patterns and More
WSO2Con USA 2015: Securing your APIs: Patterns and MoreWSO2Con USA 2015: Securing your APIs: Patterns and More
WSO2Con USA 2015: Securing your APIs: Patterns and More
WSO2
 
Faceted Search – the 120 Million Documents Story
Faceted Search – the 120 Million Documents StoryFaceted Search – the 120 Million Documents Story
Faceted Search – the 120 Million Documents Story
Sourcesense
 
C99
C99C99
C99
sosoion
 
Ajax и будущее Java Script
Ajax и будущее Java ScriptAjax и будущее Java Script
Ajax и будущее Java Script
Constantin Kichinsky
 
JWT! JWT! Let it all out!
JWT! JWT! Let it all out!JWT! JWT! Let it all out!
JWT! JWT! Let it all out!
John Anderson
 
Speeding up Red Team engagements with carnivorall
Speeding up Red Team engagements with carnivorallSpeeding up Red Team engagements with carnivorall
Speeding up Red Team engagements with carnivorall
Nullbyte Security Conference
 
DEFCON 23 - Jason Haddix - how do i shot web
DEFCON 23 - Jason Haddix - how do i shot webDEFCON 23 - Jason Haddix - how do i shot web
DEFCON 23 - Jason Haddix - how do i shot web
Felipe Prado
 
Computer Security
Computer SecurityComputer Security
Computer Security
Aristotelis Kotsomitopoulos
 
St
StSt
St
Romilda Godinho
 
Python Cryptography & Security
Python Cryptography & SecurityPython Cryptography & Security
Python Cryptography & Security
Jose Manuel Ortega Candel
 
Dns wildcards demystified
Dns wildcards demystifiedDns wildcards demystified
Dns wildcards demystified
Men and Mice
 
Shell.php
Shell.phpShell.php
Shell.php
Med Mohamed
 
MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...
MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...
MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...
MongoDB
 
sf bay area dfir meetup (2016-04-30) - OsxCollector
sf bay area dfir meetup (2016-04-30) - OsxCollector sf bay area dfir meetup (2016-04-30) - OsxCollector
sf bay area dfir meetup (2016-04-30) - OsxCollector
Rishi Bhargava
 
Code obfuscation, php shells & more
Code obfuscation, php shells & moreCode obfuscation, php shells & more
Code obfuscation, php shells & more
Mattias Geniar
 
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable codenullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
n|u - The Open Security Community
 
Security Issues in Android Custom Rom - Whitepaper
Security Issues in Android Custom Rom - WhitepaperSecurity Issues in Android Custom Rom - Whitepaper
Security Issues in Android Custom Rom - Whitepaper
n|u - The Open Security Community
 

More Related Content

What's hot

festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...
festival ICT 2016
 
Logstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeLogstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtime
Andrea Cardinale
 
Diagnostics & Debugging webinar
Diagnostics & Debugging webinarDiagnostics & Debugging webinar
Diagnostics & Debugging webinar
MongoDB
 
Codified PostgreSQL Schema
Codified PostgreSQL SchemaCodified PostgreSQL Schema
Codified PostgreSQL Schema
Sean Chittenden
 
Diagnostics and Debugging
Diagnostics and DebuggingDiagnostics and Debugging
Diagnostics and Debugging
MongoDB
 
WSO2Con USA 2015: Securing your APIs: Patterns and More
WSO2Con USA 2015: Securing your APIs: Patterns and MoreWSO2Con USA 2015: Securing your APIs: Patterns and More
WSO2Con USA 2015: Securing your APIs: Patterns and More
WSO2
 
Faceted Search – the 120 Million Documents Story
Faceted Search – the 120 Million Documents StoryFaceted Search – the 120 Million Documents Story
Faceted Search – the 120 Million Documents Story
Sourcesense
 
C99
C99C99
C99
sosoion
 
Ajax и будущее Java Script
Ajax и будущее Java ScriptAjax и будущее Java Script
Ajax и будущее Java Script
Constantin Kichinsky
 
JWT! JWT! Let it all out!
JWT! JWT! Let it all out!JWT! JWT! Let it all out!
JWT! JWT! Let it all out!
John Anderson
 
Speeding up Red Team engagements with carnivorall
Speeding up Red Team engagements with carnivorallSpeeding up Red Team engagements with carnivorall
Speeding up Red Team engagements with carnivorall
Nullbyte Security Conference
 
DEFCON 23 - Jason Haddix - how do i shot web
DEFCON 23 - Jason Haddix - how do i shot webDEFCON 23 - Jason Haddix - how do i shot web
DEFCON 23 - Jason Haddix - how do i shot web
Felipe Prado
 
Computer Security
Computer SecurityComputer Security
Computer Security
Aristotelis Kotsomitopoulos
 
St
StSt
St
Romilda Godinho
 
Python Cryptography & Security
Python Cryptography & SecurityPython Cryptography & Security
Python Cryptography & Security
Jose Manuel Ortega Candel
 
Dns wildcards demystified
Dns wildcards demystifiedDns wildcards demystified
Dns wildcards demystified
Men and Mice
 
Shell.php
Shell.phpShell.php
Shell.php
Med Mohamed
 
MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...
MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...
MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...
MongoDB
 
sf bay area dfir meetup (2016-04-30) - OsxCollector
sf bay area dfir meetup (2016-04-30) - OsxCollector sf bay area dfir meetup (2016-04-30) - OsxCollector
sf bay area dfir meetup (2016-04-30) - OsxCollector
Rishi Bhargava
 
Code obfuscation, php shells & more
Code obfuscation, php shells & moreCode obfuscation, php shells & more
Code obfuscation, php shells & more
Mattias Geniar
 

What's hot (20)

festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...
festival ICT 2013: Solid as diamond: use ruby in an web application penetrati...
 
Logstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeLogstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtime
 
Diagnostics & Debugging webinar
Diagnostics & Debugging webinarDiagnostics & Debugging webinar
Diagnostics & Debugging webinar
 
Codified PostgreSQL Schema
Codified PostgreSQL SchemaCodified PostgreSQL Schema
Codified PostgreSQL Schema
 
Diagnostics and Debugging
Diagnostics and DebuggingDiagnostics and Debugging
Diagnostics and Debugging
 
WSO2Con USA 2015: Securing your APIs: Patterns and More
WSO2Con USA 2015: Securing your APIs: Patterns and MoreWSO2Con USA 2015: Securing your APIs: Patterns and More
WSO2Con USA 2015: Securing your APIs: Patterns and More
 
Faceted Search – the 120 Million Documents Story
Faceted Search – the 120 Million Documents StoryFaceted Search – the 120 Million Documents Story
Faceted Search – the 120 Million Documents Story
 
C99
C99C99
C99
 
Ajax и будущее Java Script
Ajax и будущее Java ScriptAjax и будущее Java Script
Ajax и будущее Java Script
 
JWT! JWT! Let it all out!
JWT! JWT! Let it all out!JWT! JWT! Let it all out!
JWT! JWT! Let it all out!
 
Speeding up Red Team engagements with carnivorall
Speeding up Red Team engagements with carnivorallSpeeding up Red Team engagements with carnivorall
Speeding up Red Team engagements with carnivorall
 
DEFCON 23 - Jason Haddix - how do i shot web
DEFCON 23 - Jason Haddix - how do i shot webDEFCON 23 - Jason Haddix - how do i shot web
DEFCON 23 - Jason Haddix - how do i shot web
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
St
StSt
St
 
Python Cryptography & Security
Python Cryptography & SecurityPython Cryptography & Security
Python Cryptography & Security
 
Dns wildcards demystified
Dns wildcards demystifiedDns wildcards demystified
Dns wildcards demystified
 
Shell.php
Shell.phpShell.php
Shell.php
 
MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...
MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...
MongoDB Europe 2016 - Enabling the Internet of Things at Proximus - Belgium's...
 
sf bay area dfir meetup (2016-04-30) - OsxCollector
sf bay area dfir meetup (2016-04-30) - OsxCollector sf bay area dfir meetup (2016-04-30) - OsxCollector
sf bay area dfir meetup (2016-04-30) - OsxCollector
 
Code obfuscation, php shells & more
Code obfuscation, php shells & moreCode obfuscation, php shells & more
Code obfuscation, php shells & more
 

Viewers also liked

nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable codenullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
n|u - The Open Security Community
 
Security Issues in Android Custom Rom - Whitepaper
Security Issues in Android Custom Rom - WhitepaperSecurity Issues in Android Custom Rom - Whitepaper
Security Issues in Android Custom Rom - Whitepaper
n|u - The Open Security Community
 
nullcon 2011 - Penetration Testing a Biometric System
nullcon 2011 - Penetration Testing a Biometric Systemnullcon 2011 - Penetration Testing a Biometric System
nullcon 2011 - Penetration Testing a Biometric System
n|u - The Open Security Community
 
An analysis of a facebook spam exploited through browser add-ons - Whitepaper
An analysis of a facebook spam exploited through browser add-ons - WhitepaperAn analysis of a facebook spam exploited through browser add-ons - Whitepaper
An analysis of a facebook spam exploited through browser add-ons - Whitepaper
n|u - The Open Security Community
 
Project Jugaad
Project JugaadProject Jugaad
Project Jugaad
n|u - The Open Security Community
 
Anton Dorfman. Shellcode Mastering.
Anton Dorfman. Shellcode Mastering.Anton Dorfman. Shellcode Mastering.
Anton Dorfman. Shellcode Mastering.
Positive Hack Days
 
Правила и Условия Программы
Правила и Условия ПрограммыПравила и Условия Программы
Правила и Условия ПрограммыAeroSvit Airlines
 

Viewers also liked (7)

nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable codenullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
 
Security Issues in Android Custom Rom - Whitepaper
Security Issues in Android Custom Rom - WhitepaperSecurity Issues in Android Custom Rom - Whitepaper
Security Issues in Android Custom Rom - Whitepaper
 
nullcon 2011 - Penetration Testing a Biometric System
nullcon 2011 - Penetration Testing a Biometric Systemnullcon 2011 - Penetration Testing a Biometric System
nullcon 2011 - Penetration Testing a Biometric System
 
An analysis of a facebook spam exploited through browser add-ons - Whitepaper
An analysis of a facebook spam exploited through browser add-ons - WhitepaperAn analysis of a facebook spam exploited through browser add-ons - Whitepaper
An analysis of a facebook spam exploited through browser add-ons - Whitepaper
 
Project Jugaad
Project JugaadProject Jugaad
Project Jugaad
 
Anton Dorfman. Shellcode Mastering.
Anton Dorfman. Shellcode Mastering.Anton Dorfman. Shellcode Mastering.
Anton Dorfman. Shellcode Mastering.
 
Правила и Условия Программы
Правила и Условия ПрограммыПравила и Условия Программы
Правила и Условия Программы
 

Similar to Cracking Salted Hashes

Proper passwordhashing
Proper passwordhashingProper passwordhashing
Proper passwordhashing
fangjiafu
 
Password Storage And Attacking In PHP - PHP Argentina
Password Storage And Attacking In PHP - PHP ArgentinaPassword Storage And Attacking In PHP - PHP Argentina
Password Storage And Attacking In PHP - PHP Argentina
Anthony Ferrara
 
Password Storage and Attacking in PHP
Password Storage and Attacking in PHPPassword Storage and Attacking in PHP
Password Storage and Attacking in PHP
Anthony Ferrara
 
Disclosing password hashing policies
Disclosing password hashing policiesDisclosing password hashing policies
Disclosing password hashing policies
Michal Špaček
 
Techniques for password hashing and cracking
Techniques for password hashing and crackingTechniques for password hashing and cracking
Techniques for password hashing and cracking
Nipun Joshi
 
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
All Things Open
 
Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011
Kieon
 
Using Cryptography Properly in Applications
Using Cryptography Properly in ApplicationsUsing Cryptography Properly in Applications
Using Cryptography Properly in Applications
Great Wide Open
 
Password Storage Sucks!
Password Storage Sucks!Password Storage Sucks!
Password Storage Sucks!
nerdybeardo
 
Secure passwords-theory-and-practice
Secure passwords-theory-and-practiceSecure passwords-theory-and-practice
Secure passwords-theory-and-practice
Akash Mahajan
 
secure php
secure phpsecure php
secure php
Riyad Bin Zaman
 
Safely Protect PostgreSQL Passwords - Tell Others to SCRAM
Safely Protect PostgreSQL Passwords - Tell Others to SCRAMSafely Protect PostgreSQL Passwords - Tell Others to SCRAM
Safely Protect PostgreSQL Passwords - Tell Others to SCRAM
Jonathan Katz
 
Applied cryptanalysis - everything else
Applied cryptanalysis - everything elseApplied cryptanalysis - everything else
Applied cryptanalysis - everything else
Vlad Garbuz
 
E forensic series
E forensic seriesE forensic series
E forensic series
Kapp Edge Solutions Pvt Ltd
 
Get Your Insecure PostgreSQL Passwords to SCRAM
Get Your Insecure PostgreSQL Passwords to SCRAMGet Your Insecure PostgreSQL Passwords to SCRAM
Get Your Insecure PostgreSQL Passwords to SCRAM
Jonathan Katz
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoid
OwaspCzech
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoid
Filip Šebesta
 
How to Use Cryptography Properly: The Common Mistakes People Make When Using ...
How to Use Cryptography Properly: The Common Mistakes People Make When Using ...How to Use Cryptography Properly: The Common Mistakes People Make When Using ...
How to Use Cryptography Properly: The Common Mistakes People Make When Using ...
POSSCON
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)security
Enrico Zimuel
 
P@ssw0rds
P@ssw0rdsP@ssw0rds
P@ssw0rds
Will Alexander
 

Similar to Cracking Salted Hashes (20)

Proper passwordhashing
Proper passwordhashingProper passwordhashing
Proper passwordhashing
 
Password Storage And Attacking In PHP - PHP Argentina
Password Storage And Attacking In PHP - PHP ArgentinaPassword Storage And Attacking In PHP - PHP Argentina
Password Storage And Attacking In PHP - PHP Argentina
 
Password Storage and Attacking in PHP
Password Storage and Attacking in PHPPassword Storage and Attacking in PHP
Password Storage and Attacking in PHP
 
Disclosing password hashing policies
Disclosing password hashing policiesDisclosing password hashing policies
Disclosing password hashing policies
 
Techniques for password hashing and cracking
Techniques for password hashing and crackingTechniques for password hashing and cracking
Techniques for password hashing and cracking
 
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
 
Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011
 
Using Cryptography Properly in Applications
Using Cryptography Properly in ApplicationsUsing Cryptography Properly in Applications
Using Cryptography Properly in Applications
 
Password Storage Sucks!
Password Storage Sucks!Password Storage Sucks!
Password Storage Sucks!
 
Secure passwords-theory-and-practice
Secure passwords-theory-and-practiceSecure passwords-theory-and-practice
Secure passwords-theory-and-practice
 
secure php
secure phpsecure php
secure php
 
Safely Protect PostgreSQL Passwords - Tell Others to SCRAM
Safely Protect PostgreSQL Passwords - Tell Others to SCRAMSafely Protect PostgreSQL Passwords - Tell Others to SCRAM
Safely Protect PostgreSQL Passwords - Tell Others to SCRAM
 
Applied cryptanalysis - everything else
Applied cryptanalysis - everything elseApplied cryptanalysis - everything else
Applied cryptanalysis - everything else
 
E forensic series
E forensic seriesE forensic series
E forensic series
 
Get Your Insecure PostgreSQL Passwords to SCRAM
Get Your Insecure PostgreSQL Passwords to SCRAMGet Your Insecure PostgreSQL Passwords to SCRAM
Get Your Insecure PostgreSQL Passwords to SCRAM
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoid
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoid
 
How to Use Cryptography Properly: The Common Mistakes People Make When Using ...
How to Use Cryptography Properly: The Common Mistakes People Make When Using ...How to Use Cryptography Properly: The Common Mistakes People Make When Using ...
How to Use Cryptography Properly: The Common Mistakes People Make When Using ...
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)security
 
P@ssw0rds
P@ssw0rdsP@ssw0rds
P@ssw0rds
 

More from n|u - The Open Security Community

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
n|u - The Open Security Community
 
Osint primer
Osint primerOsint primer
Osint primer
n|u - The Open Security Community
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
n|u - The Open Security Community
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
n|u - The Open Security Community
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
n|u - The Open Security Community
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
n|u - The Open Security Community
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
n|u - The Open Security Community
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
n|u - The Open Security Community
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
n|u - The Open Security Community
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
n|u - The Open Security Community
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
n|u - The Open Security Community
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
n|u - The Open Security Community
 
Cloud security
Cloud security Cloud security
Cloud security
n|u - The Open Security Community
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
n|u - The Open Security Community
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
n|u - The Open Security Community
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
n|u - The Open Security Community
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
n|u - The Open Security Community
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
n|u - The Open Security Community
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
n|u - The Open Security Community
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
n|u - The Open Security Community
 

More from n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Recently uploaded

“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 

Recently uploaded (20)

“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 

Cracking Salted Hashes

  • 1. Garage 4 Hackers http://www.garage4hackers.com Cracking Salted Hashes Web Application Security: - The Do’s and Don’ts of “Salt Cryptography” Overview: Data Base security has become more critical as Databases have become more open. And Encryption which is one among the five basic factors of data base security. It’s an insecure practice to keep your sensitive data like Password, Credit Card no etc unencrypted in you database. And this paper will cover the various Cryptography options available and do and don’ts of them. Even if you have encrypted your data that doesn’t mean that your data’s are fully secured, and this paper will be covered in an Attacker perspective. Slat Cryptography. http://en.wikipedia.org/wiki/Salt_(cryptography) Assume a user’s hashed password is stolen and he is known to use one of 200,000 English words as his password. The system uses a 32-bit salt. The salted key is now the original password appended to this random 32-bit salt. Because of this salt, the attacker’s pre-calculated hashes are of no value (Rainbow table fails). He must calculate the hash of each word with each of 232 (4,294,967,296) possible salts appended until a match is found. The total number of possible inputs can be obtained by multiplying the number of words in the dictionary with the number of possible salts: 2^{32} times 200 000 = 8.58993459 times 10^{14} To complete a brute-force attack, the attacker must now compute almost 900 trillion hashes, instead of only 200,000. Even though the password itself is known to be simple, the secret salt makes breaking the password increasingly difficult. Well and salt is supposed to be secret, to be simple if the attacker knows what salt is used then we would be back again to step one. So below listed are few possible ways you could use to crack salted hashes. FB1H2S http://www.fb1h2s.com Page 1
  • 2. Garage 4 Hackers http://www.garage4hackers.com Application that doesn’t use cryptography hashes: While auditing a web application I came across this piece of program. It used java script to encrypt the user password before sending. And a salt too was used, and the salt used was the current Session ID. onclick="javascript:document.frm.id.value='user'; document.frm.passwd.value='value'; this.form.passwd.value=(hex_md5('CC6AB28BA9FAD121184B09E00F1DD6E7'+this.form.passwd.value)); this.form.submit(); Where “CC6AB28BA9FAD121184B09E00F1DD6E7”. So In the Back End program: There would be no way for the back end program to verify the password value, as the salt is used and is the random session id. And as MD5 function are non reversible hash function, the password cannot be verified unless and until the passwords are saved as clear text in the Data Base. The salt used to encrypt the password before sending were the random generated session ids. That means that the back end databases are no way encrypted. Some time these kinds of coding gives away a lot of information. Point NO 1: Always encrypt and save your passwords database. Slated Hashes. I recently came across a huge Data Base of a well known !@#$$il[Encrypted] ☺, the Database contained Email-Ids and there alternate passwords, but unfortunately the passwords were encrypted and was in hashed format, “Good Practice”. So the following paper would be in respect to how I cracked those hashes. Cracking The Hashes: The few possible way to crack hashed passwords are: 1) The algorithm used for hashing should have some flaws and hashes should be reversible 2) Or that you will have to Brute force the hashes with a wordlist of Dictionary or Rainbow tables. 3) Or simply if you have UPDATE Privileges on that Data Base Update it with a know password’s hash value. For all of these attacks to work you need to know what algorithm the hashes are computed on. FB1H2S http://www.fb1h2s.com Page 2
  • 3. Garage 4 Hackers http://www.garage4hackers.com So what is that you could do to figure out the Hashing Algorithm used?? Answer: All algorithms generate a fixed length hash value, so based on the Output you could estimate what algorithm was used☺. “Well all these things are pretty know facts “, but Still am putting it here. For this am putting here a small Cheat sheet for figuring out the Hash functions based on the output. Language: PHP ASP JAVA Algorithm: Function: md5(“input”); Function: Function:java.secur Hash(“input”); System.Security.Cryptogr ity.MessageDigest aphy MD5 Output: 32 Char Output: 32 Char Output: 32 Char Ex: Ex: “5f4dcc3b5aa765d61d8327d “5f4dcc3b5aa765d61d8327d Ex: eb882cf99” eb882cf99” “5f4dcc3b5aa765d61d 8327deb882cf99” Function: Crypt() ““ ““ Salt+Crypto By default its DES Output: 13 Char Ex: “sih2hDu1acVcA” And lot others: Original Source: http://www.insidepro.com/eng/passwordspro.shtml FB1H2S http://www.fb1h2s.com Page 3
  • 4. Garage 4 Hackers http://www.garage4hackers.com FB1H2S http://www.fb1h2s.com Page 4
  • 5. Garage 4 Hackers http://www.garage4hackers.com FB1H2S http://www.fb1h2s.com Page 5
  • 6. Garage 4 Hackers http://www.garage4hackers.com Well hope this reference table might be of help for you some time. And out these the hashes I had to crack where “13 Chars” hashes. So it was obvious form my table that It was based on Php Crypt function. A simple walk through of of the Php crypt function: 1) It’s is a hash algorithm which takes in a “String” and a “salt” and encrypts the hashes. 2) And by default it uses “DES” to encrypt hashes. FB1H2S http://www.fb1h2s.com Page 6
  • 7. Garage 4 Hackers http://www.garage4hackers.com Consider the Ex: <?php $password = crypt('password'); ?> Hashes: laAsfestWEiq1 Here password hashes generated would be on basis of a random 2 digit salt. Or we could provide our on salt. <?php $password = crypt('password',’salt’); ?> Hashes: sih2hDu1acVcA And the comparison password verification code would be as follows: if (crypt($user_password, $password) == $password) { echo "Correct Password"; } ?> In either of the cases the salt is appended with the Hashes, property of DES. Well as I mentioned above the security of salt cryptography is on the fact that the salt is unknown to the cracker. But here it’s not. Well with this basic piece of Information, it was easy to crack hashes that I had in my hands☺. And all the hashes were cracked easily, all I have to do was load a common passwords dictionary and add it with the constant salt, and get my work done. FB1H2S http://www.fb1h2s.com Page 7
  • 8. Garage 4 Hackers http://www.garage4hackers.com Consider the given Hash/salt programs with the following cases. Salt/Hash algorithm with Constant Salt: $password = $password_input; //user input $salt = "salted"; $password = md5($salt.$password); //saved in db md5(saltedpassword) Hashes: 1423de37c0c1b63c3687f8f1651ce1bf Salt: salted In this program a constant salt is used therefore the salt is not saved in the database. So our dumped hashes won’t be having the salt value. For verifying such algorithms we need to try the following things. 1) Try to create a new user using the target application. 2) Dump the data again and verify what algorithm is used using the above mentioned methods. 3) Consider the new password added was “password” md5(‘password’)== “5f4dcc3b5aa765d61d8327deb882cf99”, instead if the updated value was “1423de37c0c1b63c3687f8f1651ce1bf” that says a salt is used and is a constant one as it don’t seem to be added with the final hashes. Cracking the salt: Now for breaking this, the only thing you could do is a bruteforce the hashes for figuring out what the salt is, for ex: And once we know the salt append it with every password we check and crack it. We know : Md5(‘password’)== “5f4dcc3b5aa765d61d8327deb882cf99” Now question is Md5(‘password’ + “????WHAT????”) === “1423de37c0c1b63c3687f8f1651ce1bf” FB1H2S http://www.fb1h2s.com Page 8
  • 9. Garage 4 Hackers http://www.garage4hackers.com Note: Never use a constant salt for all hashes: “If same constant salt is used for all hashes then it would be easy to crack all hashes” So Point NO 2: If your PHP application is storing Sensitive values and you want to encrypt and store its salted hashes then Crypt() function is not the right option nor depending on any constant salt functions is the right choice. Salt/Hash algorithm with Random Salt: If random salt is used for each hash, which is necessary for application whose source is publicly available, then it would be necessary to store the salt along with the hashes. That gives it a –ve point because it’s possible to extract the salt for the hashes. But + point is, that cracker need to build hash tables with each salt for cracking each hash. This makes it hard to crack multiple hashes at a time. But still possible to crack the selected hashes, consider the admin one. Consider the example: $password = $rand(5); //user input $salt = "salted"; $password = md5($salt.$password); //saved in db md5(saltedpassword) Hashes: 6f04f0d75f6870858bae14ac0b6d9f73:14357 (Hash:Salt) Salt: 14357 We could extract the salt, but as different hash will be having a different salt, it’s impossible to crack all hashes at a stretch. But it would be back again dependent on how good the passwords are. At similar situations a Dictionary attack on the hashes would be the only possibility. Or else we need a better Cracking program, which provides distributed cracking process. Rainbow tables rocks not because it has got all possible values hashes, but because “Searching” algorithm is faster. FB1H2S http://www.fb1h2s.com Page 9
  • 10. Garage 4 Hackers http://www.garage4hackers.com Consider. Rainbow tables check searching [Fast] Brute Force Read a value Append salt Compute hashes Compare [slow] This property makes the attack slow even if we know the salt. So such situation a better and free Cracking [Distributed Cracking System would be necessary] Idea for One such Distributed Cracking System would be as follows Tool: One such tools documentation would be. The whole Idea of such a system comes from the concept of torrents, where if you want something you have to share something. Here if you want to crack something you will have to share your processing speed. Architecture Of the tool should be: Note: Sorry for the poor Image FB1H2S http://www.fb1h2s.com Page 10
  • 11. Garage 4 Hackers http://www.garage4hackers.com 1) You download the Cracker tool Client 2) You have an admin hash to crack that of wordpress, you add the hash along with salt to cracker Client. 3) Cracker client sends the hash to Crack server. 4) Crack server accepts you as part of the distributed cracking Network. 5) Crack server updates you with the new set of hashes, algorithm, and permutations you have to carry out. 6) Logic is when someone is doing work for you, will have to work for them too. 7) There by your work will be carried out by many different computers. How this speeds your cracking. 1) Your computer when in the network is assigned to generate wordlist , consider the key space for a 9 char alphanumeric password is 101559787037052 and your computer will have to generate 101559787037052/N , where “N” is the total no of cracker clients in the NW. FB1H2S http://www.fb1h2s.com Page 11
  • 12. Garage 4 Hackers http://www.garage4hackers.com 2) You computer will have to pass each word generated through multiple algorithms your assigned with on your multithreaded Cracker Client. 3) Once a client cracks a password it updates it to the Cracker server, and cracker server passes it to the user who requested the information. 4) So if you have 350 cracker clients working together then every body’s work will be done in a day or two. Finding an unknown Hash Algorithm: Consider the case with such an algorithm • Consider a situation where the hashes are multiple encrypted with different hash algorithms, for example: <?php $password = sha1('password'); // de4he6la fe4oe6late4he6lade4he6lade4he6la $final_password= md5($password) Final Password Hashes: 1423de37c0c1b63c3687f8f1651ce1bf • In such kind of situations, Hashes may looks like Md5 but it’s actually the md5 of sh1 hashes. • So in such kind of situation were multiple hashing algorithm is used and algorithm is unknown, and it would be really hard to find what the hashes are. Now you need an algorithm brute force for predicting the back end algorithm. FB1H2S http://www.fb1h2s.com Page 12
  • 13. Garage 4 Hackers http://www.garage4hackers.com Algorithm_Bruter • So I came up with this script, which takes in a known “password” and it’s “hashes” and then moves it through many different commonly used hash algorithms and tries to find a match, predicting what algorithm it used in the back end. • For script need to be provided with a Plain Text Value and its alternate Hashes and as output you will get the algorithm used. • You could check out the script here. • http://www.fb1h2s.com/algorithmbruter.php • This could be used in above mentioned situations. Algorithm_Bruter.php I am going through different Programming forums and taking out different, forms of multiple hashing; programmers are using and, will update it on this script. So you could find what algorithm was used. FB1H2S http://www.fb1h2s.com Page 13
  • 14. Garage 4 Hackers http://www.garage4hackers.com Hope this paper was of some help for you in dealing with salted hashes. And all greets to Garage Hackers Members. http://www.garage4hackers.com And shouts to all ICW, Andhra Hackers members http://www.andhrahackers.com/ and my Brothers:- B0Nd,Eberly,Wipu,beenu,w4ri0r,empty,neo,Rohith,Sids786,SmartKD,Tia,hg- h@xor,r5scal,Yash,Secure_IT, Atul, Vinnu and all others. This paper was written for Null meet 21/08/ By FB1H2S www.fb1h2s.com FB1H2S http://www.fb1h2s.com Page 14