Penetration Testing mailing list archives
Re: get MD5-Hash from /etc/shadow file
From: Peter Kosinar <goober () ksp sk>
Date: Mon, 14 Apr 2008 06:11:17 +0200 (CEST)
Hello Markus,
the relevant sting: $1$GXJzVR5J$vS4wC7AW6hV8TvLu6Dtxt. salt with optinal '$' at the end: GXJzVR5J$how to get the password/md5 (which is test) from this string: vS4wC7AW6hV8TvLu6Dtxt.
I think there might be some confusion related to the fact that the acronym "MD5" is usually referred to in two different contexts:
1) The usual MD5 hash (as calculated by, for example, md5sum) is a 128-bit hash of an arbitrary sequence of bytes. It's usually written in the form "098f6bcd4621d373cade4e832627b4f6" (the MD5 sum of the string 'test').
2) The MD5-based password-hashing algorithm (i.e. the one used to hash the passwords in /etc/shadow) is only -based- on MD5, it's not the plain MD5. The full algorithm is a lot more complicated and the computation of MD5 hash of some data is repeated many times in it. Although the result of this computation is also a 128-bit string, it's usually stored in a different format -- namely, Base64-encoded.
If you want all the gory details of the algorithm, have a look at crypt/ directory in glibc sources. That's the algorithm used by crypt() function in glibc, if you provide it with salt of the right form (one beginning with $1).
PeterPS. Going off the top of my memory, so bits or all of what I've written above might be wrong :-)
-- [Name] Peter Kosinar [Quote] 2B | ~2B = exp(i*PI) [ICQ] 134813278 ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: Pen testing techniques, (continued)
- Re: Pen testing techniques Joey Peloquin (Apr 11)
- Re: Pen testing techniques vtlists (Apr 11)
- Re: Pen testing techniques v3nd3rs5uck (Apr 11)
- RE: Pen testing techniques Jason (Apr 12)
- Re: Pen testing techniques Nathan Sportsman (Apr 12)
- Re: Pen testing techniques intel96 (Apr 09)
- get MD5-Hash from /etc/shadow file markus sesser (Apr 11)
- Re: get MD5-Hash from /etc/shadow file Razi Shaban (Apr 12)
- Re: get MD5-Hash from /etc/shadow file Larry Offley (Apr 12)
- Re: get MD5-Hash from /etc/shadow file Morgan Reed (Apr 12)
- Re: get MD5-Hash from /etc/shadow file Peter Kosinar (Apr 14)
- Re: Pen testing techniques Rafael Nuñez (Apr 11)
- Re: Pen testing techniques v3nd3rs5uck (Apr 11)
- Re: Pen testing techniques Tommy May (Apr 09)