Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: I've lost some passwords

  1. #1
    Junior Member
    Join Date
    Jan 2009
    Posts
    1

    I've lost some passwords

    Hi, I've lost some passwords and recovered the hashes. The hashes look like this:

    Code:
    $P$Bqd24EhYfUB5vBIFsHOzLnKgxljyqO1
    $P$B3VLyW1nvYr9rLGQvlxTEWd6zBh73h0
    $P$BUF6ew1MKNIr.OXhUl..QJX24NfgiT.
    $P$BjzHI4jZ72CO95KTLyW3zQbYfWZdtQ.
    $P$B1n6Ay91eC0sdT1oi6v7oFukFmBceq.
    $P$B9eZtyxysy7OHLfd6f/GdgJhVf/jpH1
    Does anyone know which hashing algorithm was used?

  2. #2
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    Looks like some MD5 mixed with RadioGatún and some SHA-1. I also notice a smattering of WHIRLPOOL and Tiger2. Looks like you have some work ahead of you.
    Last edited by ShagDevil; January 29th, 2009 at 06:58 PM.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hello Noo, and welcome to AntiOnline.

    What are these passwords for........ operating system logon or an application?


  4. #4
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    This one leaves me curious. I actually did some searching to find a list or chart or something of what passwords or text looks like in different encryptions/hashs/etc. I found almost nothing? I should have probably started my own thread but if anyone knows of such a thing please let me know! :-)

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hey oofki,

    I don't know of any references or tool either, but you might like to play with this free tool.

    http://www.hashemall.com/



    As for the original post............. if he has
    lost some passwords and recovered the hashes
    then he must know what they are for. If you know what the passwords are for, a simple Google search for it should tell you what algorithm or algorithms are used by that software.

    Why is it that I distinctly detect the aroma of rodent here?

    @SD

    Looks like some MD5 mixed with RadioGatún and some SHA-1. I also notice a smattering of WHIRLPOOL and Tiger2.
    Of course! damn, how could I have missed something that obvious.

  6. #6
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    Actually I tried that site in my search, it isnt that great, a lot of the same algo's just different bit sizes. I tried searching google for ' $P$B9 ' And well yeah I forgot special symbols don't work....

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Yes,

    The $P$B is consistent to them all. I can't say that I recognise it though.

    The only thing I can think of along those lines is PunkBuster, the gamesite anti-cheating system?

    Or some sort of constant salt, but in that case I would really have expected it to be stored separately from the hash?????????
    Last edited by nihil; February 1st, 2009 at 11:30 AM.

  8. #8
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    Yep its a pretty big anti-cheat system.

    Its almost like it's added after it has been hashed, and with-or-without it that is a strange sized hash (34/30). Most hashes come out to be 16/32/etc. I am definitely interested in what this ends up being a hash for..

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Yes, I am interested as well as it looks weird to me as well.

    As for trying to recover passwords from hashes...........your mileage might vary

    Firstly the hash might be so strong that it would take too long............after all, that is the intention isn't it?

    Another problem that I have encountered is that the hash itself has become corrupted so you couldn't extract a working password anyway?

    If we knew what it was for, we might be able to find out what algorithm has been used and consider the feasibility of cracking it. Even better, we might be able to suggest an easier way of restoring access to whatever it is.

    If the problem has "just happened" and you feel that you do know what the password is then I would recommend scanning the HDD with the manufacturer's diagnostic toolkit

  10. #10
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    Well I came across this **** Nihil, it is the most complete I have found yet:

    http://www.sinfocol.org/herramientas/hashes.php

    And I think I figured out that, that is some type of crypt, which means it will be impossible to decrypt or even use a lookup table because they are hashed and salted multiple times :-P
    Last edited by oofki; February 4th, 2009 at 01:06 AM.

Similar Threads

  1. Intro to securing Free BSD Part 2
    By gore in forum The Security Tutorials Forum
    Replies: 14
    Last Post: May 25th, 2005, 04:01 AM
  2. Secure Passwords Tutorial
    By NeonWizard in forum The Security Tutorials Forum
    Replies: 5
    Last Post: August 13th, 2004, 06:54 PM
  3. Lockups, bad start ups and lost passwords
    By DeadAddict in forum Other Tutorials Forum
    Replies: 0
    Last Post: December 27th, 2003, 04:57 AM
  4. Creating and Managing passwords
    By DeadAddict in forum The Security Tutorials Forum
    Replies: 3
    Last Post: November 24th, 2003, 12:19 AM
  5. Passwords and Policys
    By instronics in forum The Security Tutorials Forum
    Replies: 3
    Last Post: January 23rd, 2003, 12:54 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •