Linux Security Forum
 
 

#1
11-10-2008
computer_freak_8
How was my password found?

Hello,
The problem I have mentioned in this thread is the result of a weak (found in wordlists) password. I have since changed it.

But I would like to test my current passwords for crackability. I look in the /etc/shadow file for an account I made recently, specifically made to be vulnerable to a dictionary attack. I would like to know how to use the information before the hash to generate hashes to compare to the password hash.

The first few characters of the string are $2a$05$ which I have read means the Blowfish algorithm (2a) and salted using 05.

How would I generate hashes (with Blowfish and using the salt) from a wordlist?


Thanks,

computer_freak_8

#2
11-13-2008
drendeah
Re: How was my password found?

You're kind of going about that backwards; looking at, or decoding, the hash is basically impossible. What you should do is look at the hash of dictionary words, and then compare the hash of those to your hash.

See this link for an automated way to do that:
http://www.linuxsecurityforum.org/f5...words-t23.html

#3
11-14-2008
computer_freak_8
Re: How was my password found?

Quote:
Originally Posted by drendeah
You're kind of going about that backwards; looking at, or decoding, the hash is basically impossible. What you should do is look at the hash of dictionary words, and then compare the hash of those to your hash.

Yes, yes, I'm sorry; this is what I had in mind. Will the link you gave me work with the Blowfish and salt, though? Or is it strictly MD5 without salt?


Thanks,
computer_freak_8

#4
11-15-2008
drendeah
Re: How was my password found?

Quote:
Originally Posted by computer_freak_8
Yes, yes, I'm sorry; this is what I had in mind. Will the link you gave me work with the Blowfish and salt, though? Or is it strictly MD5 without salt?


Thanks,
computer_freak_8

It should work; use the flag:
Code:
--format=BF

#5
1 Week Ago
computer_freak_8
Re: How was my password found?

Quote:
Originally Posted by drendeah
It should work; use the flag:
Code:
--format=BF

Thanks.

I know this is an old thread; I had forgotten I had posted it.
I was recently searching for an answer to this very thing, when I noticed this in my subscribed threads. Now to see what else I've forgotten about...

I'll try to remember to post back after I get the time and am able to try this.


Thanks again,
computer_freak_8
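
Added example (not part of the original thread, and not John the Ripper's code): a sketch of the check discussed in posts #2 and #4, splitting a bcrypt /etc/shadow field into its parts and re-hashing wordlist candidates with the stored parameters. In the `$2a$05$` prefix, `05` is the cost factor and the salt is the 22 characters that follow. The third-party Python `bcrypt` package is an assumption, and the account name and hash in SAMPLE are constructed placeholders.

```python
import re

# bcrypt modular-crypt layout: $<version>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)

def parse_shadow_line(line):
    """Split one /etc/shadow line and decode a bcrypt password field."""
    user, field = line.strip().split(":")[:2]
    m = BCRYPT_RE.match(field)
    if m is None:
        # Locked accounts ("!", "*") and non-bcrypt schemes ($1$, $6$, ...) land here.
        return {"user": user, "scheme": None}
    version, cost, salt, digest = m.groups()
    return {
        "user": user,
        "scheme": "bcrypt",
        "version": version,
        "cost": int(cost),          # work factor, not the salt
        "rounds": 2 ** int(cost),   # key-setup iterations paid per guess
        "salt": salt,               # 128-bit salt in bcrypt's base64 alphabet
        "digest": digest,
        "field": field,
    }

def audit(entry, candidates):
    """Return the first candidate that reproduces the stored hash, else None."""
    import bcrypt  # assumption: third-party "bcrypt" package is installed
    stored = entry["field"].encode()
    for word in candidates:
        word = word.rstrip("\n")
        # checkpw re-hashes the guess with the stored version, cost and salt.
        if word and bcrypt.checkpw(word.encode(), stored):
            return word
    return None

# Constructed sample line; the hash is a placeholder with the right shape only.
SAMPLE = "testacct:$2a$05$" + "S" * 22 + "H" * 31 + ":14193:0:99999:7:::"

if __name__ == "__main__":
    e = parse_shadow_line(SAMPLE)
    print(e["user"], e["scheme"], "cost", e["cost"], "rounds", e["rounds"])
```

Pass audit() the parsed line for your own test account and an open wordlist file; a non-None result means that password is in the list.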