
/hack/ - Network Security




 No.10

So I've found a site that's vulnerable to SQL, and I've found a username/password combination, but it's hashed and according to a hash identifier either SHA-2 or HAVAL-256, which I assume I can't break. How should I proceed?
Here's the hash:
3038ab16c7083dad5b4372630ee1a8e4bacf75237991f702f838d3ef8bffb1a8

I can even give the site name. I don't really care if someone else gets it and takes all the booty inside, as long as you provide an explanation on how you did it.

 No.11

It's vulnerable to SQL? I think you're going to have to say what you mean by that, what sort of sql vuln? I would try a dictionary attack, but you probably need more hashes to have a high chance of success at that.

 No.12

>>11
The users table had only one set of username/password and there was no admins table.
As for the type, the SQL version is MySQL 5.1.46. It takes everything I put into it, no sanitization.

 No.13

If somebody wants to try their hand at it give me a guerrillamail or something and I'll gib link.

 No.14

rf3k3+3n4cnhkqle65saulr0@guerrillamail.biz

 No.15

Sent.

 No.16

Any luck?

 No.17

>>16
No more than you. I'm somewhat curious how you found/chose that website, but I expect it's none of my business.

 No.29

>>10
I'd check online rainbow tables and see if you can't find one. Otherwise, I'd make a rainbow table and compare it with that.

 No.31

>>29
Rainbow tables have been obsolete for a while.

Just bruteforce with hashcat on your GPU and you'd get it faster than the lookup time in a rainbow table.

Heck, with security that lax it's probably in a wordlist somewhere (mine has 1.2 billion entries, 300 million used in the first pass)

 No.32

>>31
bruteforce sha256 with hashcat faster than a lookup in a rainbow table? I highly highly doubt that. This is why these tables are made in the first place.
It might be quicker than the download of a rainbow table given a shitty password, but these things are useful to have.

 No.67

>>12
>no sanitation
goldmine
genuinely interested in the answer to the OPs question though, no better way than bruteforce?

 No.73

>>67
This is why SHA256 is good. It's not a broken algorithm. It's cryptographically secure.

Still, you can have much stronger security with password storage, like PBKDF2 with 200,000 rounds of SHA256. That would be a LOT better than one round.

If they're not salting SHA256 hashes, you can check it against an online resource or against your own pre-built table, but really there's nothing else except bruteforcing it. Again, sha256 isn't broken. It's cryptographically secure, and very decent for things like this and also crypto signatures and integrity checks (still many ways to fuck up, but SHA256 can be used correctly).
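
Added example, not part of the thread or any poster's code: the storage difference No.73 describes, seen from the side of whoever maintains the users table. It contrasts one unsalted SHA-256 round with salted PBKDF2-HMAC-SHA256 at the 200,000 rounds mentioned above; the 16-byte salt, the `$`-separated storage format and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # round count mentioned in the post above
SALT_BYTES = 16       # assumed salt length for this example


def unsalted_sha256(password: str) -> str:
    """Weak scheme: one unsalted round. Equal passwords give equal hashes,
    so a leaked value can be matched against precomputed tables."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored with its parameters in one string."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per account
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and rounds; compare in constant time."""
    try:
        scheme, rounds_text, salt_hex, dk_hex = stored.split("$")
        rounds = int(rounds_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed record: reject instead of raising
    if scheme != "pbkdf2_sha256" or rounds <= 0:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print(unsalted_sha256(pw) == unsalted_sha256(pw))  # identical every time
    first, second = hash_password(pw), hash_password(pw)
    print(first != second)                # per-account salt: records differ
    print(verify_password(pw, first))     # right password verifies
    print(verify_password("guess", first))  # wrong password does not
```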

 No.96

I think the term you meant to use was "SQL injection". I don't think there's much to be done about the hash; you could try to see if you have database admin or some sort of elevated privs so that you could attack the site another way, though.

 No.193

if it's vulnerable to SQL injection what you need to do is to use the SQL language to output the source of the scripts used. Why?

>>>Because the hash might be salted, or the hash could be hashed multiple times with account dependent information.


In which case, straight trying to crack the hash won't work.

 No.219

Just use SQLi to pop a shell.

 No.582

read a tutorial


