Cracking md5 hash

Discussion in 'Ethical hacking' started by Toddie, Jan 21, 2010.

  1. Toddie

    Toddie New Member

    Joined:
    Jan 9, 2010
    Messages:
    52
    Likes Received:
    2
    Trophy Points:
    0
    Here is a question that maybe you guys can help me with.

    Suppose a user frequents 2 different websites.
    Lets assume that user uses the same password for both sites.
    lets also assume that both sites use an md5 hash to encrypt passwords.

    one site is not vulnerable to sql injection
    the other site is vulnerable to sql injection.

    If you obtain the users md5 password hash on the vulnerable website, and you "crack" the hash, would the "crack" work on the other site that you were unable to sql inject?
     
    Toddie, Jan 21, 2010
    SHARE #1
  2. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    Moved your query into separate forum and coming to your question.

    It should work.
     
    shabbir, Jan 22, 2010
    SHARE #2
  3. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    yes it shdu work as plan text passwords are same AS LONG AS both encryptions are md5.
     
    indiansword, Jan 23, 2010
    SHARE #3
  4. Deadly Ghos7

    Deadly Ghos7 New Member

    Joined:
    Dec 19, 2009
    Messages:
    55
    Likes Received:
    2
    Trophy Points:
    0
    Occupation:
    Student
    Location:
    Earth
    Home Page:
    http://www.techgaun.com
    yeah because for the same string, its md5 hash will always be the same so it will work definitely.
     
    Deadly Ghos7, Jan 24, 2010
    SHARE #4
  5. SpOonWiZaRd

    SpOonWiZaRd Know what you can do.

    Joined:
    May 30, 2007
    Messages:
    746
    Likes Received:
    8
    Trophy Points:
    0
    Occupation:
    Network Engineer/Programmer
    Location:
    South Africa
    Just make sure its the same case...
     
    SpOonWiZaRd, Jan 25, 2010
    SHARE #5

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice