WebApp Sec mailing list archives
Re: Determine Salt used by MySQL in root'd server
From: samayel () gmail com
Date: Tue, 14 Jun 2011 04:39:37 +0000
Hi guys,

Another idea would be to create a couple users and since you have access to the database where the passwords are stored and you know what your passwords are, you should be able to deduce the salted part of your hashes.

Good luck!
-Samayel

Sent from my Blackberry® on the Videotron Mobile Network

-----Original Message-----
From: cp77fk4r <empty0page () gmail com>
Sender: listbounce () securityfocus com
Date: Mon, 13 Jun 2011 19:57:43
To: Voulnet <voulnet () gmail com>
Cc: webappsec () securityfocus com <webappsec () securityfocus com>
Subject: Re: Determine Salt used by MySQL in root'd server

Try to look in the source of the login page, or in some config file that is included in it.

On Sunday, June 12, 2011, Voulnet <voulnet () gmail com> wrote:
Hello folks,

I'm doing a pentest on a server, and I got root access through a Joomla web app. I got a dump of the jp_users table in MySQL; however, the passwords are obviously hashed and salted.

I honestly don't expect the passwords to be strong, so they can be bruteforced, md5-looked up easily.

However, how can I determine the salt value? I already have root access on the server but I don't know where to look in MySQL to find the salt value.

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
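
The known-password check suggested in the reply above, as an added example that is not code from the thread. It assumes the stored password field has the form `digest:salt` (the layout legacy Joomla releases use, which the thread does not state); the candidate constructions, function names and the two test accounts are constructed for illustration.

```python
import hashlib
import hmac

# Candidate constructions to test; the labels are chosen for this example.
CANDIDATES = {
    "md5(password + salt)": lambda p, s: hashlib.md5(p + s).hexdigest(),
    "md5(salt + password)": lambda p, s: hashlib.md5(s + p).hexdigest(),
    "sha1(password + salt)": lambda p, s: hashlib.sha1(p + s).hexdigest(),
    "sha1(salt + password)": lambda p, s: hashlib.sha1(s + p).hexdigest(),
    "md5(password), unsalted": lambda p, s: hashlib.md5(p).hexdigest(),
}

def split_stored(stored):
    """Split a stored field into (digest, salt); salt is '' when no ':' is present."""
    digest, _, salt = stored.strip().partition(":")
    return digest.lower(), salt

def identify_scheme(known_password, stored):
    """Return the label of every construction that reproduces the stored digest."""
    digest, salt = split_stored(stored)
    p, s = known_password.encode(), salt.encode()
    return [name for name, fn in CANDIDATES.items()
            if hmac.compare_digest(fn(p, s), digest)]

def consistent_scheme(test_accounts):
    """Intersect the matches across all test accounts created by the tester."""
    common = None
    for password, stored in test_accounts:
        matches = set(identify_scheme(password, stored))
        common = matches if common is None else common & matches
    return sorted(common or [])

def _make_row(password, salt):
    # Constructed sample data: a row built the way the assumed layout stores it.
    return hashlib.md5((password + salt).encode()).hexdigest() + ":" + salt

SAMPLE_ACCOUNTS = [
    ("pentest-account-1", _make_row("pentest-account-1", "Zk3vQ9constructedSalt01")),
    ("pentest-account-2", _make_row("pentest-account-2", "m8Lr2XconstructedSalt02")),
]

if __name__ == "__main__":
    for pw, stored in SAMPLE_ACCOUNTS:
        print(stored, "->", identify_scheme(pw, stored))
    print("consistent:", consistent_scheme(SAMPLE_ACCOUNTS))
```

In this layout each row carries its own salt next to the digest, so there is no single server-wide salt value to look for.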
Current thread:
- Determine Salt used by MySQL in root'd server Voulnet (Jun 13)
- Re: Determine Salt used by MySQL in root'd server cp77fk4r (Jun 13)
- Re: Determine Salt used by MySQL in root'd server cp77fk4r (Jun 13)
- Re: Determine Salt used by MySQL in root'd server samayel (Jun 13)