Home All posts

Selasa, 14 Agustus 2012

Gmail Hacker | Fake Tool to Hack Gmail Accounts

Hey friends, today i am going to disclose some irony stuff that Hackers nowadays using to make people fool these days. Hackers are spreading a software tool named as Gmail Hacker v1.0 on the internet with title " Hack Gmail Accounts using Gmail Hacker" or "Gmail Hacker : A superb Gmail Account Hacking tool". But beware of such articles because its nothing more than a smart keylogger which is actually intended to hack users credentials that user gonna use to hack somebody's gmail account. Let us discuss the process in detail:

First of all frankly speaking, Gmail Hacker is a hacking tool( or i better call it social engineering hacking tool) which can be used in either way like Hacking someone's Gmail account and at same time loosing your Gmail Account( if not handled with extreme care). So friends which process you all wanna learn first. Hacking one or getting Hacked one.. or both at same time going step by step :P.

For Having a trail of Gmail Hacker tool you gonna need below stuff:

Now lets go step by step for the Hacking procedure:

Step 1 - Extract the arhive named Gmail.rar on your computer, Once you have extracted you will see the following file:
Builder.exe

Step 2 - On opening Gmail hacker builder.exe you will see the following:
Step 3 - Next you need to enter your gmail address where you would receive logs. However I would recommend you to create a fake email address and use it for receiving logs. 

Step 4 - Once you have entered your credentials, click on the build button.

Step 5 - A file named gmailhacker.exe would be created, On executing the file, the victim will see the following:

Now you need to apply your social engineering skills in order to make the victim enter his/her credentials on to the software. The simplest way of accomplishing this is to tell the victim that the application Gmailhacker.exe is itself a gmail hacking software, You just need to the victim's username, your own gmail ID and your own gmail password, where you would receive victims passwords and click "Hack Them".

Step 6 - Once the victim clicks on the "Hack Them" button, his own gmail credentials that he entered would be sent to you on the email you typed while configuring the software.

Well, here is an interesting part, when the victim will click on the button "Hack them", he will receive the following error, making him thinking that their is a problem with the software:


Now i hope you all understood which part you need to provide credentials and which part you need to provide the fake account credentials that you have recently created.

Irony Part : The file that is being generated by builder.exe i.e. Gmail Hacker.exe is a advance type of remote keylogger which will sent the credentials you have entered into the Gmail Hacker option menu to the hacker who has build the Gmail Hacker.exe file. So important part never put your original account credential in any of such tools which gurantees that they can hack email accounts or facebook accounts because all are simply fake. They are just cool social engineering stuff which is used to make newbie Hackers or users fool to hacker their Gmail accounts.
Read more

FBPwn ~ A cross-platform Java based Facebook profile dumper



Friends, if you get invitation from stranger in facebook, don't accept it.  Even if you know the person, please verify whether profile is real or not.  A new hacking tool is available (DOWNLOAD IT FROM HERE) that will send friend request to you.  If you accept, it  can steal all info ,photos,friend list from you. Think twice before accepting invitation.

FbPwn: A cross-platform Java based Facebook profile dumper, sends friend requests to a list of Facebook profiles, and polls for the acceptance notification. Once the victim accepts the invitation, it dumps all their information,photos and friend list to a local folder.

Usage

A typical scenario is to gather the information from a user profile. The plugins are just a series of normal operations on FB, automated to increase the chance of you getting the info.

Typically, first you create a new blank account for the purpose of the test. Then, the friending plugin works first, by adding all the friends of the victim (to have some common friends). Then the clonning plugin asks you to choose one of the victims friends. The cloning plugin clones only the display picture and the display name of the chosen friend of victim and set it to the authenticated account. Afterwards, a friend request is sent to the victim's account. The dumper polls waiting for the friend to accept. As soon as the victim accepts the friend request, the dumper starts to save all accessable HTML pages (info, images, tags, ...etc) for offline examining.

After a a few minutes, probably the victim will unfriend the fake account after he/she figures out it's a fake, but probably it's too late!

ModulesDescription:

All modules work on a selected profile URL (we'll call him bob), using a valid authenticated account (we'll call him mallory).

FBPwn modules are:

- AddVictimFriends: Request to add some or all friends of bob to increase the chance of bob accepting any future requests, after he finds that you have common friends.

- ProfileCloner: A list of all bob's friends is displayed, you choose one of them (we'll call him andy). FBPwn will change mallory's display picture, and basic info to match andy's. This will generate more chance that bob accepts requests from mallory as he thinks he is accepting from andy. Eventually bob will realize this is not andy's account, but probably it would be too late as all his info are already saved for offline checking by mallory.

- CheckFriendRequest: Check if mallory is already friend of bob, then just end execution. If not, the module tries to add bob as as a friend and poll waiting for him to accept. The module will not stop executing until the friend request is accepted.

- DumpFriends: Accessable friends of bob is saved for offline viewing. The output of the module depends on other modues, if mallory is not a friend of bob yet, the data might not be accessable and nothing will be dumped.

- DumpImages: Accessable images (tagged and albums) are saved for offline viewing. Same limitations of dump friends applies.

- DumpInfo: Accessable basic info are saved for offline viewing. Same limitations of dump friends applies.


Read more

Sabtu, 11 Agustus 2012

Netbios Hacking- The Ethical Hacking Tutorial


THIS NETBIOS HACKING

THIS NETBIOS HACKING IS ABOUT HACKING REMOTE COMPUTER AND GAINING ACCESS TO IT’S HARD-DISK OR PRINTER.NETBIOS HACK IS THE EASIEST WAY TO BREAK INTO A REMOTE COMPUTER.

STEP-BY-STEP NETBIOS HACKING PROCEDURE

STEP 1.Open command prompt

STEP 2. In the command prompt use the “net view” command
( OR YOU CAN ALSO USE “NB Scanner” OPTION IN “IP-TOOLS” SOFTWARE BY ENTERING RANGE OF IP ADDRESSS.BY THIS METHOD YOU CAN SCAN NUMBER OF COMPUTERS AT A TIME).
Example: C:>net view \59.43.45.212

The above is an example for operation using command prompt.”net view” is one of the netbios command to view the shared resources of the remote computer.Here “59.43.45.212? is an IP address of remote computer that is to be hacked through Netbios.You have to substitute a vlaid IP address in it’s place.If succeeded a list of HARD-DISK DRIVES & PRINTERS are shown.If not an error message is displayed. So repeat the procedure 2 with a different IP address.

Step 3. After succeeding, use the “net use” command in the command prompt.The “net use” is another netbios command which makes it possible to hack remote drives or printers.

Example-1:
C:>net use D: \59.43.45.212F

Example-2:
C:>net use G: \59.43.45.212SharedDocs

Example-3:
C:>net use I: \59.43.45.212Myprint

NOTE: In Examples 1,2 & 3, D:,G: & I: are the Network Drive Names that are to be created on your computer to access remote computer’s hard-disk.

NOTE: GIVE DRIVE NAMES THAT ARE NOT USED BY ANY OTHER DRIVES INCLUDING HARD-DISK DRIVES,FLOPPY DRIVES AND ROM-DRIVES ON YOUR COMPUTER.THAT IS IF YOU HAVE C: & D: AS HARD DIRVES, A: AS FLOPPY DIVE AND E: AS CD-DRIVE, GIVE F: AS YOUR SHARED DRIVE IN THE COMMAND PROMPT

F:,”SharedDocs” are the names of remote computer’s hard-disk’s drives that you want to hack. “Myprint” is the name of remote computer’s printer.These are displayed after giving “net use” command. “59.43.45.212? is the IP address of remote computer that you want to hack.

STEP 4. After succeeding your computer will give a message that “The command completed successfully“. Once you get the above message you are only one step away from hacking the computer.

[ad code=1 align=center]

Now open “My Computer” you will see a new “Hard-Disk drive”(Shared) with the specified name.You can open it and access remote computer’s Hard-Drive.You can copy files,music,folders etc. from victim’s hard-drive.You can delete/modify data on victim’s hard-drive only if WRITE-ACCESS is enabled on victim’s system.You can access filesfolders quickly through “Command Prompt”.

NOTE: If Remote Computer’s Firewall Is Enabled Your Computer Will Not Succeed In Gaining Access To Remote Computer Through Netbios.That is Netbios Hacking Is Not Possible In This Situation.(An Error Message Is Displayed).So Repeat The Procedure 2,3 With Different IP Address.

Leave Your Valuable Comments if you like this article
Read more

Jumat, 10 Agustus 2012

Hack into a Facebook Account using jQuery popup log in Box


Hack into facebook




In this article I am gonna teach you a new way to Hack into Facebook accounts Using jQuery popup log in Box.

This new way of hacking Facebook accounts works only for bloggers or site owners!!

If you don't have a blog then create one.

Go to blogger.com, webs.com, wordpress.com, blogger.com etc and make a free blog now!!

After making your own blog, select a good template for your site and start posting some good content to attract visitors.

Here you might be thinking that why I didn't made one for my own blog!!

The fact is that I already Hacked 200+ Accounts in two days using the trick  and secondly I surely don't wanna hack my own fans and visitors :-).

I just made this pop-up log in for testing my invention and making a demo but i never knew that I would hack 200+ accounts in two days!!

How it works:

 Hack into facebook

1. You will need the codes of jQuery popup log in Box. Download these codes from HERE

2. You must have a Web hosting page. Click here to learn how to make a web hosting page.

3. Open The jQuery popup log in Box codes By warwolf that yew downloaded!!

4. Extract all codes using a winrar extractor. Download it from [here]!!

5. Now log in to your Yahoo, gmail, hotmail etc account yew used to signup onbyethost.com.

6. Go to the inbox folder, you will see an Email by byethost.com. This email contains your byethost account informations.

7. Copy your site url from the Email yew received and open the "jQuery popup log in button by warwolf.txt"

8. Press ctrl+f, this will bring up a popup menu asking the user to type the words in the field that yew want to find in this text file.

9. Type action in the field and hit enter. This will highlight the word action as shown in the image :
Hack into facebook

10. After action, type your site url that yew received in the email by byethost.com in the place of "your site here".

11. Don't remove /action.php. Just paste your site url in the place of "your site here" like highlighted above.

12. Save the file!!

13. Now log in to your byethost account.

14. Click on "online file manager" button at the right side of the home page.
Hack into facebook



This will open the file manager of your web hosting page in a new tab!!

15. From the file manager section, click on the folder "htdocs" to open this main folder of the web hosting page.

 Hack into facebook

16. There will be two files in this folder, Delete them by clicking on the delete buttonat the top right of the files.

 Hack into facebook

17. Make sure that yew deleted these files by clicking on the tick button after pressing delete.

 Hack into facebook

18. Now go back to the htdocs folder and upload action.php file from the downloaded folder "jQuery popup login by warwolf"

19. Go to blogger.com

20. Go to Blogger > Layout.

 Hack into facebook


21. Click on Add a Widget/Gadget.

 



22. Select HTML/JavaScipt.


23. Paste the code into body of widget and click Save.


24. Now open your blog in a new tab, you will see a pop up asking for your Facebook Email and password to connect to your blog like in the image below!!

 Hack into facebook

25. To receive the Emails and passwords of your victims, type /warwolf.html in theaddress bar of your browser after your site url.

Join my blog and learn more Facebook hacking tricks :-)


Source : http://thewarwolf.blogspot.in/
Read more

Hack Facebook Account Status - Facebook Status Vulnerability


Hello Friends in this article I will talk about a common vulnerablility which can be used by hackers to hack a facebook account status. Before I proceed with this article I would like to mention it clearly that every thing explained here is for educational purposes only. Our mission is not to encourage people to hack facebook accounts, However we want to raise awareness among people regarding latest internet security threats.

Methodology

There are tons of Facebook users who use a feature called facebook text in order to update a facebook status. If you have enabled this feature all you need to do in order to update your status is to type in your status and send it to "923223265".


However the idea behind this facebook Account status hack is to send a fake sms from your friend's number, therefore the facebook will think that the message has came from the legitimate source and hence it will update the victims Status.

SMS Global

SMSGlobal is a website that allows you send fake sms, The free account only allows you to send 25 SMS, However the business account allows you to send more. All you need to do is to register on SMS global, activate your account. After logging in to your account, click on “Send SMS to a Number”.


 

Send SMS To: 923223265 (Facebook)

Sender ID From: Victims Mobile Number.

Message: The Status which you would like to be updated.

http://www.smsglobal.com/

CounterMeasures
  • Turn off facebook mobile updating feature.

Hope you have liked the post! If you have any questions regarding this article, feel free to ask.

Read more

Kamis, 09 Agustus 2012

How to hack the Windows 7 or Vista passwords-Become a hacker

Hello friends,
"How to Hack windows admin?" This will teach you how to hack the windows password. You can use the above tutorial for hacking any type of windows Operating system. For Example: you can hack the latest Windows 7 also.

There is only one change is required to do. i.e., You have to choose the correct Rainbow table corresponding to the Operating system that you are going to hack.

You can get all type of rainbow table from here:
http://ophcrack.sourceforge.net/tables.php

Hacking Windows XP

If you are going to hack the windows xp accounts(usually admin) password. Then you have to download the XP free fast (703MB) rainbow table.

Hacking Windows 7 or Windows vista

We all know that windows 7 is upgraded version of Vista. So the same rainbow table is used.(because same type of Hash code created by both).
So You have to download the Vista free (461MB) rainbow table.

How ophcrack tool impressed me?
Recently i have tested this tool in my system. In order to test , i create new account with "secure123" password. When i click the crack button, i got the password within seconds. I know this is weak password. So i thought it is not big issue to crack this silly password.

But when i try with my friend system, i am really impressed. Do you know why? He put the strong password for his windows 7 os( a password with upper&lower case combination,Special character,numbers). Because the ophcrack takes less than 1 seconds to crack this password. It is so interesting how the design this wonderful software.
Read more

How to Hack the Windows Admin Password Using OphCrack in Backtrack tutorial


if you are college/school students, you may curious to hack the admin password in your college or school system. This post is going to help you to crack the any type of windows accounts passwords. Learn how to hack the windows admin password like a geek.


Refer this link also: How to hack the windows 7 or vista using the following method

Requirements:
  • BackTrack Linux 4 or 5. Download it from http://backtrack-linux.org
  • Two Pen drives [if you are going to test in your own system, one pen drive is enough]
  • Xp Free Fast RainBow table [tables_xp_free_fast.zip]. Download it from here:http://ophcrack.sourceforge.net/tables.php

Install the Backtrack Linux in one pen drive. Leave another pen drive as empty.

Step 1: Booting From Back Track
Insert the Backtrack installed  pen drive in target computer[when turned off].  We are going to boot the operating system from pen drive, so insert when the system is turned off.
Now Turn on the system.
Press F10 [boot menu, differs for system]  before booting and select boot from Pen drive. 
Now it will boot the Backtrack.
Select "Graphical User Interface "
Now wait for a while ( it will execute some commands}
Now you can see the "root:"
type "startx" and hit enter.  It will bring you to the GUI view of Backtrack.

Step 2:Copy the SAM and System files
Click the  Start button(dragon symbol)
Select System Menu
Select Storage Media(if you see nothing, close the window open it again).

You can see the list of Hard disk and Your pen drive.
Open the windows installed Hard disk and Navigate to this path:
WINDOWS/system32/config/

There you can see two files named as "SAM" and "System". 

Copy the both SAM and system files.
[ Just proceed to next step without closing the window]

Step 3:Insert your Empty Pen Drive
Now again go to System Menu->Storage Media
Open Your pen drive(Empty Pen drive) ,Create a new folder and paste the sam and system files inside that folder

[note: you may not paste into your backtrack installed pen drive. that's why i asked you to bring 2 pen drives.  If you testing in your system, then you can copy to any other hard drive.]

You can not directly copy the sam and system files from same operating system. That's why we are using Backtrack.

Step 4:Now go to your home.
Boot into windows.  Extract the "tables_xp_free_fast.zip" in any hard drive.
Copy the folder that contains sam and system files from your pen drive.
Paste in any hard drive.
---
Restart the windows.
Insert the Backtrack installed pen drive and boot from Pen drive.

Step 5: Mounting the Hard drive in Backtrack


Now  go to System Menu->Storage Media(if you see nothing, close the window open it again).
and open the hard drives that contains sam files and rainbow tables. Then close it.

Don't be confused. I asked you to open those hard drive for mounting purpose. In linux , it won't mount automatically until you open the drive

Step 6: Run OphCrack Tool in Backtrack
Open the ophcrack GUI(start->Backtrack->Privilege Escalation->Password Attack->offline Attacks-ophCrack GUI).

Ophcrack GUI application will run now.

Step 7: Loading the folder that contains sam and system files

Click the Load and select "Encrypted SAM" in ophcrack tool.
Now it will ask you to select directory that contains SAM folder.
 
[Select Computer in file selecting window.  click '/'  browse to /media/your_Hard_Disk]
 Select the directory(don't open the directory, just select it).

Now it will load and display the list of user accounts in the windows.

Step 8: Target the Admin Account
Here i am going to hack the one of the administrator account "secure" of my computer.
So remove all other accounts except the target admin account.[This is not necessary, but it will increase the cracking speed] by clicking delete button.

Step 9: Install the Rainbow Table
Now let us install the Rainbow table.
Click the Table button in ophcrack tool.
Now it will ask you to selec the table. 
we are going to crack windows password right?. So choose the first one. and click the install button.
[note: i have installed the rainbow table already.  So it showing green.]

Now browse to the Rain bow table directory. I mean to the "tables_xp_free_fast" folder.
[here also, don't open the foler, just choose it]

now click ok.


Step 10: Cracking Begins
Click the Crack button.
Wait for a while [ophcrack is the fastest cracking tool. so it won't take too much time]

Step 11: Password is cracked
Yes..!! we got the password.  Now go to your school/college and login with that password.
Enjoy.  Don't forget to share with your friends.  This is interesting one na..!
Actually i missed the fun.  I didn't know this hack when i study in college. if i know that time itself,
i may have fun with my college system. 

Using Backtrack Installed CD Or single Pen drive:


You will need only one pen drive, if you are going to hack the admin password in the target system itself. Don't forget to bring the rainbow table in your backtrack pen drive in this case.


you can use cd instead of Pen drive for backtrack installation.
If you use cd, you can not bring the SAM file to your home. You have to crack it in that computer itself

ENJOY CRACKING !!!
Read more

Different Types of Hash Codes-How to Find Which Hash types?

You have hashes but don't know which type it is.  Don't worry, here i listed different types of Hash codes.

DES(Unix)
Example: IvS7aeT4NzQPM
Used in Linux and other similar OS.
Length: 13 characters.
Description: The first two characters are the salt (random characters; in our example the salt is the string "Iv"), then there follows the actual hash.
Notes: [1] [2]

Domain Cached Credentials
Example: Admin:b474d48cdfc4974d86ef4d24904cdd91
Used for caching passwords of Windows domain.
Length: 16 bytes.
Algorithm: MD4(MD4(Unicode($pass)).Unicode(strtolower($username)))
Note: [1]

MD5(Unix)
Example: $1$12345678$XM4P3PrKBgKNnTaqG9P0T/
Used in Linux and other similar OS.
Length: 34 characters.
Description: The hash begins with the $1$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string "12345678"), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times.
Notes: [1] [2]

MD5(APR)
Example: $apr1$12345678$auQSX8Mvzt.tdBi4y6Xgj.
Used in Linux and other similar OS.
Length: 37 characters.
Description: The hash begins with the $apr1$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string "12345678"), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times.
Notes: [1] [2]


MD5(phpBB3)
Example: $H$9123456785DAERgALpsri.D9z3ht120
Used in phpBB 3.x.x.
Length: 34 characters.
Description: The hash begins with the $H$ signature, then there goes one character (most often the number '9'), then there goes the salt (8 random characters; in our example the salt is the string "12345678"), followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2048 times.
Notes: [1] [2]


MD5(Wordpress)
Example: $P$B123456780BhGFYSlUqGyE6ErKErL01
Used in Wordpress.
Length: 34 characters.
Description: The hash begins with the $P$ signature, then there goes one character (most often the number 'B'), then there goes the salt (8 random characters; in our example the salt is the string "12345678"), followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 8192 times.
Notes: [1] [2]

MySQL
Example: 606717496665bcba
Used in the old versions of MySQL.
Length: 8 bytes.
Description: The hash consists of two DWORDs, each not exceeding the value of 0x7fffffff.

MySQL5
Example: *E6CC90B878B948C35E92B003C792C46C58C4AF40
Used in the new versions of MySQL.
Length: 20 bytes.
Algorithm: SHA-1(SHA-1($pass))
Note: The hashes are to be loaded to the program without the asterisk that stands in the beginning of each hash.

RAdmin v2.x
Example: 5e32cceaafed5cc80866737dfb212d7f
Used in the application Remote Administrator v2.x.
Length: 16 bytes.
Algorithm: The password is padded with zeros to the length of 100 bytes, then that entire string is hashed with the MD5 algorithm.

MD5
Example: c4ca4238a0b923820dcc509a6f75849b
Used in phpBB v2.x, Joomla version below 1.0.13 and many other forums and CMS.
Length: 16 bytes.
Algorithm: Same as the md5() function in PHP.

md5($pass.$salt)
Example: 6f04f0d75f6870858bae14ac0b6d9f73:1234
Used in WB News, Joomla version 1.0.13 and higher.
Length: 16 bytes.
Note: [1]

md5($salt.$pass)
Example: f190ce9ac8445d249747cab7be43f7d5:12
Used in osCommerce, AEF, Gallery and other CMS.
Length: 16 bytes.
Note: [1]

md5(md5($pass))
Example: 28c8edde3d61a0411511d3b1866f0636
Used in e107, DLE, AVE, Diferior, Koobi and other CMS.
Length: 16 bytes.

md5(md5($pass).$salt)
Example: 6011527690eddca23580955c216b1fd2:wQ6
Used in vBulletin, IceBB.
Length: 16 bytes.
Notes: [1] [3] [4]

md5(md5($salt).md5($pass))
Example: 81f87275dd805aa018df8befe09fe9f8:wH6_S
Used in IPB.
Length: 16 bytes.
Notes: [1] [3]

md5(md5($salt).$pass)
Example: 816a14db44578f516cbaef25bd8d8296:1234
Used in MyBB.
Length: 16 bytes.
Note: [1]

md5($salt.$pass.$salt)
Example: a3bc9e11fddf4fef4deea11e33668eab:1234
Used in TBDev.
Length: 16 bytes.
Note: [1]


md5($salt.md5($salt.$pass))
Example: 1d715e52285e5a6b546e442792652c8a:1234
Used in DLP.
Length: 16 bytes.
Note: [1]

SHA-1
Example: 356a192b7913b04c54574d18c28d46e6395428ab
Used in many forums and CMS.
Length: 20 bytes.
Algorithm: Same as the sha1() function in PHP.

sha1(strtolower($username).$pass)
Example: Admin:6c7ca345f63f835cb353ff15bd6c5e052ec08e7a
Used in SMF.
Length: 20 bytes.
Note: [1]


sha1($salt.sha1($salt.sha1($pass)))
Example: cd37bfbf68d198d11d39a67158c0c9cddf34573b:1234
Used in Woltlab BB.
Length: 20 bytes.
Note: [1]

SHA-256(Unix)
Example: $5$12345678$jBWLgeYZbSvREnuBr5s3gp13vqi
Used in Linux and other similar OS.
Length: 55 characters.
Description: The hash begins with the $5$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string "12345678"), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the SHA-256 algorithm 5000 times.
Notes: [1] [2]

SHA-512(Unix)
Example: $6$12345678$U6Yv5E1lWn6mEESzKen42o6rbEm
Used in Linux and other similar OS.
Length: 98 characters.
Description: The hash begins with the $6$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string "12345678"), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the SHA-512 algorithm 5000 times.
Notes: [1] [2]


SHA-1(Django) = sha1($salt.$pass)
Example: sha1$12345678$90fbbcf2b72b5973ae42cd3a19ab4ae8a1bd210b
12345678 is salt (in the hexadecimal format)
90fbbcf2b72b5973ae42cd3a19ab4ae8a1bd210b is SHA-1 hash.

SHA-256(Django) = SHA-256($salt.$pass)
Example: sha256$12345678$154c4c511cbb166a317c247a839e46cac6d9208af5b015e1867a84cd9a56007b
12345678 is salt (in the hexadecimal format)
154c4c511cbb166a317c247a839e46cac6d9208af5b015e1867a84cd9a56007b is SHA-256 hash.


SHA-384(Django) = SHA-384($salt.$pass)
Example: sha384$12345678$c0be393a500c7d42b1bd03a1a0a76302f7f472fc132f11ea6373659d0bd8675d04e12d8016d
83001c327f0ab70843dd5
12345678 is salt (in the hexadecimal format)
c0be393a500c7d42b1bd03a1a0a76302f7f472fc132f11ea6373659d0bd8675d04e12d8016d8
3001c327f0ab70843dd5 is SHA-384 hash.

SHA-1(ManGOS) = sha1(strtoupper($username).':'.$pass)

SHA-1(ManGOS2) = sha1($username.':'.$pass)

MD5(Custom) = '=='.md5(md5(md5($pass).md5($pass).md5($pass).md5($pass)))


-------------------------------------------------
Notes:

[1] Since the hashing requires not only a password but also a salt (or a user name), which is unique for each user, the attack speed for such hashes will decline proportionally to their count (for example, attacking 100 hashes will go 100 times slower than attacking one hash).

[2] The hash is to be loaded to the program in full, to the "Hash" column - the program will automatically extract the salt and other required data from it.

[3] The ':' character can be used as salt; however, since it is used by default for separating hash and salt in PasswordsPro, it is recommended that you use a different character for separating fields; e.g., space.

[4] Salt can contain special characters - single or double quotes, as well as backslash, which are preceded (after obtaining dumps from MySQL databases) by an additional backslash, which is to be removed manually. For example, the salt to be loaded to the program would be a'4 instead of a\'4, as well as the salts a"4 instead of a\"4 and a\4 instead of a\\4.


Source: insidepro
Read more
Langganan: Postingan (Atom)