Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: get MD5-Hash from /etc/shadow file

From: Larry Offley <lucullus () shaw ca>
Date: Fri, 11 Apr 2008 11:36:34 -0700
I believe md5 is a one way hash. The only way to determine the password from the hash would be using a rainbow table to look up the hash and see what password produced it. Even then that might not be the password you used since there is some collision in md5. 

Larry Offley

security.offley.ca

markus sesser wrote:

Hi,

is it possible to get the md5 hash of shadow password?

root:$1$GXJzVR5J$vS4wC7AW6hV8TvLu6Dtxt.:13979:0:::::

i'm looking not for a tool like john, crack, ...
i want to have a step by step instruction to get the md5 hash.

what i know:
the relevant sting: $1$GXJzVR5J$vS4wC7AW6hV8TvLu6Dtxt.
salt with optinal '$' at the end: GXJzVR5J$
how to get the password/md5 (which is test) from this string: vS4wC7AW6hV8TvLu6Dtxt. 

and what about the crypt() function?

rgds markus

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------






------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: