
Thread: ettercap displays hashed passwords..

  1. #1

    ettercap displays hashed passwords..

    hello all,

    i followed the steps in this tutorial and everything went great

    http://forums.remote-exploit.org/sho...hp?t=99&page=1

    but I'm getting a hashed password, I tried in plain-text.info but it's not cracking the hash..

    thank you

    Regards,

    Noor

  2. #2
    I'm sure you did it correctly, however it depends on the website. See, some websites don't send the password. Instead they both compute a hash from the password and compare the hash to see if it's correct. You need to find what website that hash goes to to figure out what type of hash it is to decode the password.
    ...."Can't stop the signal Mel, Everything goes somewhere and I go everywhere."...... "From here to the eyes and the ears of the verse, that's my motto or might be if I start having a motto" - Mr. Universe "Serenity"

  3. #3
    Senior Member (Join Date: Jan 2003; Posts: 3,915)
    Hey Hey,

    That's a sniffing tutorial, so of course you'll see the hashes, that's what's being transmitted... various technologies transmit various data..

    You may not even be seeing hashes, you could be seeing encrypted data..

    Some possible answers:

    1) The password is hashed with MD5, SHA-1, SHA-2 (SHA-256, SHA-384, SHA-512)... Hell, it could, in some weird case, be LM or NTLM hashes

    2) Maybe you're sniffing an HTTPS transaction and everything is encrypted

    3) Perhaps a Pre-Shared Key is used to encrypt the password... or a One Time Password..


    Now that you have that.. This isn't a skiddie site... If you were sniffing to learn, you'd know what you were sniffing...

    Peace,
    HT

  4. #4
    nihil, Senior Member (Join Date: Jul 2003; Location: United Kingdom: Bridlington; Posts: 17,188)
    Hmmmm,

    As far as I was aware Ettercap is supposed to capture and display hashed passwords (amongst a whole load of other stuff). It is a sniffing tool, so it basically shows you what is there.

    As HT~ points out, this is usually a hashed password, but this could use any number of algorithms, and might even be a bit more exotic. He quite rightly observes that you actually need to know what you are sniffing to proceed any further.

    This is a two stage process:

    1. Use sniffing tool to capture password hash.
    2. Use cracking tool to decode/decrypt the captured hash.

    There are three basic approaches to cracking a password:

    1. Dictionary attack
    2. Brute force
    3. Rainbow tables

    With #1 you have a file or table of words and compare their hashed values to the captured hash until you get a match. Obviously the word has to be in your dictionary for this to work.

    This is probably the quickest method provided that the password is a real word and is relatively simple.

    Obviously you would need to know the language the password was in and hope that it did not contain a spelling mistake.

    With #2 you use character sets and try all combinations. This will work against a dictionary word, a passphrase or a random password. It can take a VERY long time. You must have all the characters in the password in your character set.

    #3 is a development on #2 and speeds up the process, as the tables contain precomputed hashes, so the cracking process consists of mere comparisons.

    In all cases you need to know the hashing algorithm (MD5 etc) being used.

    I realise that this is a very brief and simplistic explanation, but I hope it gives you a better idea of what I think you are trying to do.
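
The defensive side of the precomputed-table approach in #3 above, as an added example that is not part of the original thread: a table of precomputed hashes only matches records stored without a per-user salt. The word list, the fixed salt and all function names are constructed for illustration, and a plain lookup dictionary stands in for a real rainbow table.

```python
import hashlib
import hmac
import os

# Constructed sample word list standing in for what a precomputed table covers.
WORDLIST = ["password", "letmein", "sunshine", "dragon", "qwerty"]
ITERATIONS = 100_000
FIXED_SALT = b"\x00" * 16  # models a scheme where every user shares one salt


def kdf(password, salt):
    """Slow, salted hash (PBKDF2-HMAC-SHA256) of a password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def build_table(words, salt):
    """Precompute hash -> word for one specific salt value."""
    return {kdf(w, salt): w for w in words}


def new_record(password, salt=None):
    """Store (salt, hash); a fresh random salt is drawn unless one is forced."""
    salt = os.urandom(16) if salt is None else salt
    return salt, kdf(password, salt)


def verify(password, record):
    """Legitimate login check: recompute with the stored salt, compare safely."""
    salt, digest = record
    return hmac.compare_digest(kdf(password, salt), digest)


def demo():
    table = build_table(WORDLIST, FIXED_SALT)
    shared = new_record("sunshine", FIXED_SALT)  # weak: salt shared by everyone
    user_a = new_record("sunshine")              # per-user random salt
    user_b = new_record("sunshine")              # same password, different salt
    return {
        "shared_salt_lookup": table.get(shared[1]),
        "per_user_salt_lookup": table.get(user_a[1]),
        "identical_hashes": user_a[1] == user_b[1],
        "verify_correct": verify("sunshine", user_a),
        "verify_wrong": verify("dragon", user_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With per-user salts the same password produces a different stored value for every account, so one precomputed table no longer covers them, while the legitimate check still succeeds because the salt is stored beside the hash.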


  5. #5

    hey,

    thanks a lot guys for the help, I tried cracking the hash in many ways but ended up in rainbow cracking, which is there uncracked in the list from almost a month in plain-text.info and its status is still cracking.. I even tried the milw0rm.com.org cracking system but I didn't get the crack for that,,

    I have something to point out,

    every time the user logs in I get a different hash. That computer is using Yahoo mail, but something is really strange: many other users are using Yahoo mail and I got their passwords in plain text, but this one is different. Although it's Yahoo mail, what I have noticed is that the URL used is somewhat different, it's something like this:

    us.yahoo.com.... something like that and the rest of the Yahoo accounts are different,

    let's say that the site is Yahoo, is there any known algorithm to reverse and get the hashes ??

    Regards,

    Noor

  6. #6
    nihil
    My dear "Light", please let me enlighten you

    This is not a skiddie hackers site, so you had better come out upfront with what you are trying to do, and why.................


  7. #7
    I'm sniffing passwords over a network, why would I use ettercap then ??

    any ideas please,

    Thank you,

  8. #8
    nihil
    This is the point at which my patience terminates.................

    An Administrator can overrule me should they choose to do so?

