WebApp Sec mailing list archives
Re: Determine Salt used by MySQL in root'd server
From: cp77fk4r <empty0page () gmail com>
Date: Mon, 13 Jun 2011 19:58:58 +0300
Or- download joomla and try to understand how you set the salt and where it stored. On Sunday, June 12, 2011, Voulnet <voulnet () gmail com> wrote:
Hello folks, I'm doing a pentest on a server, and I got root access through a Joomla web app, I got a dump of the jp_users table in MySQL, however the passwords are obviously hashed and salted. I honestly don't expect the passwords to be strong, so they can be bruteforced, md5-looked up easily. However, how can I determine the salt value? I already have root access on the server but I don't know where to look in MySQL to find the salt value. This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- Determine Salt used by MySQL in root'd server Voulnet (Jun 13)
- Re: Determine Salt used by MySQL in root'd server cp77fk4r (Jun 13)
- Re: Determine Salt used by MySQL in root'd server cp77fk4r (Jun 13)
- Re: Determine Salt used by MySQL in root'd server samayel (Jun 13)