Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

To err is human, to moo bovine.


computers / rocksolid.shared.hacking / Re: noob trying to crack a md5 hash

SubjectAuthor
* noob trying to crack a md5 hashlacroix_boi
`* Re: noob trying to crack a md5 hashAnonymous
 `* Re: noob trying to crack a md5 hashlacroix_boi
  +- Re: noob trying to crack a md5 hashlacroix_boi
  `* Re: noob trying to crack a md5 hashAnonymous
   `* Re: noob trying to crack a md5 hashlacroix_boi
    `- Re: noob trying to crack a md5 hashAnonymous

1
noob trying to crack a md5 hash

<65d1ce0c7351d9420ebb59b90137bdbc@rocksolidbbs.com>

 copy mid

https://novabbs.com/computers/article-flat.php?id=456&group=rocksolid.shared.hacking#456

 copy link   Newsgroups: rocksolid.shared.hacking
Path: i2pn2.org!.POSTED.rocksolidbbs.com!not-for-mail
From: fake_em...@mail.i2p (lacroix_boi)
Newsgroups: rocksolid.shared.hacking
Subject: noob trying to crack a md5 hash
Date: Wed, 18 May 2022 07:28:03 +0000
Organization: RetroBBS
Message-ID: <65d1ce0c7351d9420ebb59b90137bdbc@rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1"; posting-host="rocksolidbbs.com:2604:a880:0:202a::9000";
logging-data="10010"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (www.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on rocksolidbbs.com
X-Rslight-Site: $2y$10$QGewuyV5nk5lpztJpJs8h.kP9812lkDJ9LgKCu9yW/EWa0nom9iXq
X-Rslight-Posting-User: f423ef9802c62708da086fcb5c26aa554fa9b6cd
 by: lacroix_boi - Wed, 18 May 2022 07:28 UTC

TLDR: i'm a hacking noob trying to learn and i'm unable to crack this simple md5 hash. If you want to skip the novel, the hash is in the second to last paragraph.

Well hello citizens of itoopie! i'm a recent convert to this awesome network, and from the last couple of months of playing around with it, i'm really digging it, man. I've spent (like im sure we all have) years on TOR and playing around with all their fun projects and technologies, so its still near and dear to my heart, but having I2Pd installed on a whonix-WS qube on my Qubes machine has won me over.

Okay, enough of the asskissing. I need some help.
There is a hackers forum on the TOR network (i'll keep the name quiet but i'm sure you all have heard of it) that is meant specifically for pretty advanced mofos. Anyone can join the forum, but you only have limited access to the topics and threads. In order to gain full access, you must complete a couple of hacking challenges to prove you know your shit before you submit your application to become a "fully fledged neckbeard" or whatever. Now, I've personally been on the blue-team side of cybersecurity as a hobby for a hot minute, but i've recently started dipping my toes into the red side of things, and I'm really liking it.

It's just pretty fuckin hard, though. It is much easier keeping strong opsec to stay hidden than it is to do some of the searching yourself, I've learned.

SO. I've been trying to take on these hacking challenges simply for fun and practice, kind of like a free vulnhub VM or a one-off CTF challenge. But so far the challenge is defeating me. All it says is to "find the hash on this page and crack it, then type your password in". Finding the hash was easy (all it took was like 15 minutes poking around at the source code and inspecting the pages elements). But for some reason I am having the hardest time cracking the hash.

It's a md5 hash, which i've read while researching what exactly to do is supposed to be a fairly easy hash to crack. I've tried hashcat and john the ripper on Kali, i've tried using a tool called "Cyber Chef" (on I2P actually), and just to help trouble shoot, i tried a couple of those shitty "online md5 generators/crackers" websites. And i've just kinda come to a dead end, the tools either fail to crack the hash (kali tools) or the answers i get are all different from one another (the rest of the tools/sites).

Here is the md5 hash that was hidden in the header: 7db57006a3529c518b7773f3fb6a8f35.
I am not asking anyone to do the work for me, I really want to solve this mother fucker, but some wisdom from hackers who know better than me would be really helpful. Does anyone have any tips/tricks/advice for what to do next? Maybe an article or a really helpful writeup of a similar situation so i can learn? I figure i'm just using the kali tools incorrectly, but i've read the man pages for both hashcat and john and there are several examples online that i followed with no luck. I've tried brute-force attacks and dictionary attacks with both tools.

If someone could help teach me the correct way to solve this, or atleast set me in the right direction, that would be pretty groovy. Sorry for this too-long first post, some other accounts I have I am pretty short and sweet on, so i guess i decided to make this account break the pattern. Take THAT steganography (;

--
Posted on RetroBBS

Re: noob trying to crack a md5 hash

<aed93d7d38b8286fea4b269fe353bbe1@rocksolidbbs.com>

 copy mid

https://novabbs.com/computers/article-flat.php?id=457&group=rocksolid.shared.hacking#457

 copy link   Newsgroups: rocksolid.shared.hacking
Path: i2pn2.org!.POSTED.rocksolidbbs.com!not-for-mail
From: Anonym...@rocksolidbbs.com (Anonymous)
Newsgroups: rocksolid.shared.hacking
Subject: Re: noob trying to crack a md5 hash
Date: Wed, 18 May 2022 20:27:56 +0000
Organization: RetroBBS
Message-ID: <aed93d7d38b8286fea4b269fe353bbe1@rocksolidbbs.com>
References: <65d1ce0c7351d9420ebb59b90137bdbc@rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1"; posting-host="rocksolidbbs.com:2604:a880:0:202a::9000";
logging-data="20982"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (www.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on rocksolidbbs.com
X-Rslight-Site: $2y$10$Xip1.EysSm1UqJ7dD14ktOH8fxr7v29S8tOpuwbA/2Z4Ff6thps6m
X-Rslight-Posting-User: 7d1b1c0431a54fcbeb6112e1ac43419a90ad024c
 by: Anonymous - Wed, 18 May 2022 20:27 UTC

check out these links:

https://cryptography.hyperlink.cz/MD5_collisions.html
https://resources.bishopfox.com/resources/tools/other-free-tools/md4md5-collision-code/

not sure if using these tools qualify as "solving it yourself"....

what is the pages address ? i would like to take a peek as well...

--
Posted on RetroBBS

Re: noob trying to crack a md5 hash

<666a024a9c74c9a0afd4516952733524@rocksolidbbs.com>

 copy mid

https://novabbs.com/computers/article-flat.php?id=458&group=rocksolid.shared.hacking#458

 copy link   Newsgroups: rocksolid.shared.hacking
Path: i2pn2.org!.POSTED.rocksolidbbs.com!not-for-mail
From: fake_em...@mail.i2p (lacroix_boi)
Newsgroups: rocksolid.shared.hacking
Subject: Re: noob trying to crack a md5 hash
Date: Wed, 18 May 2022 21:27:37 +0000
Organization: RetroBBS
Message-ID: <666a024a9c74c9a0afd4516952733524@rocksolidbbs.com>
References: <65d1ce0c7351d9420ebb59b90137bdbc@rocksolidbbs.com> <aed93d7d38b8286fea4b269fe353bbe1@rocksolidbbs.com> <643f8c4f45f2a822d492428a1ba0d59a@rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1"; posting-host="rocksolidbbs.com:2604:a880:0:202a::9000";
logging-data="26519"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (www.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on rocksolidbbs.com
X-Rslight-Site: $2y$10$l5De33LQ2jjx24Jaqcwcqe85uXmtwjYvI5iKtKTaRI/sh97W0Z/Lq
X-Rslight-Posting-User: f423ef9802c62708da086fcb5c26aa554fa9b6cd
 by: lacroix_boi - Wed, 18 May 2022 21:27 UTC

and only grandmothers pull out their pad and pen to try to crunch numbers and break encryption lol..

unless its literally a OTP.

--
Posted on RetroBBS

Re: noob trying to crack a md5 hash

<643f8c4f45f2a822d492428a1ba0d59a@rocksolidbbs.com>

 copy mid

https://novabbs.com/computers/article-flat.php?id=459&group=rocksolid.shared.hacking#459

 copy link   Newsgroups: rocksolid.shared.hacking
Path: i2pn2.org!.POSTED.rocksolidbbs.com!not-for-mail
From: fake_em...@mail.i2p (lacroix_boi)
Newsgroups: rocksolid.shared.hacking
Subject: Re: noob trying to crack a md5 hash
Date: Wed, 18 May 2022 21:25:49 +0000
Organization: RetroBBS
Message-ID: <643f8c4f45f2a822d492428a1ba0d59a@rocksolidbbs.com>
References: <65d1ce0c7351d9420ebb59b90137bdbc@rocksolidbbs.com> <aed93d7d38b8286fea4b269fe353bbe1@rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1"; posting-host="rocksolidbbs.com:2604:a880:0:202a::9000";
logging-data="26519"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (www.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on rocksolidbbs.com
X-Spam-Level: *
X-Rslight-Site: $2y$10$izifRJTSacdjYD46fUeHa.dgge6Q5.1c2rZNsXKVgze49pZCsgz7a
X-Rslight-Posting-User: f423ef9802c62708da086fcb5c26aa554fa9b6cd
 by: lacroix_boi - Wed, 18 May 2022 21:25 UTC

Hey there, thank you for the extra reading material! I need all the info I can get my hands on.

I actually, like an hour ago, finally cracked the hash. I had apparently been using the "rules" tack incorrectly...which means I wasted a loooooooot of time unnecessarily..lol. Oh well.

I didn't originally plan on mentioning the forum by name because they also function as a market for the hackers and programmers to sell their services, and i wasn't sure the rules this forum had about mentioning potentially illicit wares or services. But fuck it, they'll take it down if they want too lol. Its cryptbb, their official onion link is http://cryptbbtg65gibadeeo2awe3j7s6evg7eklserehqr4w4e2bis5tebid.onion/ (but always verify the link is legit first).

--
Posted on RetroBBS

Re: noob trying to crack a md5 hash

<adbcb80d25e176510051d1a5b65b7d8c@rocksolidbbs.com>

 copy mid

https://novabbs.com/computers/article-flat.php?id=460&group=rocksolid.shared.hacking#460

 copy link   Newsgroups: rocksolid.shared.hacking
Path: i2pn2.org!.POSTED.rocksolidbbs.com!not-for-mail
From: Anonym...@rocksolidbbs.com (Anonymous)
Newsgroups: rocksolid.shared.hacking
Subject: Re: noob trying to crack a md5 hash
Date: Thu, 19 May 2022 13:47:17 +0000
Organization: RetroBBS
Message-ID: <adbcb80d25e176510051d1a5b65b7d8c@rocksolidbbs.com>
References: <65d1ce0c7351d9420ebb59b90137bdbc@rocksolidbbs.com> <aed93d7d38b8286fea4b269fe353bbe1@rocksolidbbs.com> <643f8c4f45f2a822d492428a1ba0d59a@rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1"; posting-host="rocksolidbbs.com:2604:a880:0:202a::9000";
logging-data="27701"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (www.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on rocksolidbbs.com
X-Rslight-Site: $2y$10$HeZ/7LpWoK2vcxaom10va.T8E0FZfWIRLYOaKwNzAf6ToyK84IVme
X-Rslight-Posting-User: 7d1b1c0431a54fcbeb6112e1ac43419a90ad024c
 by: Anonymous - Thu, 19 May 2022 13:47 UTC

thanks for the link, I lost that a while ago....

when you say "cracking the hash" you mean you could generate a value that results in the given hash, right ?

concerning links to hackers boards, I'm not the owner of RetroBBS, but I think Retro Guy has no objections (at least did not have in the past...).

--
Posted on RetroBBS

Re: noob trying to crack a md5 hash

<fe340c3e8ee7d84a9c3a2a98e98a18a6@rocksolidbbs.com>

 copy mid

https://novabbs.com/computers/article-flat.php?id=461&group=rocksolid.shared.hacking#461

 copy link   Newsgroups: rocksolid.shared.hacking
Path: i2pn2.org!.POSTED.rocksolidbbs.com!not-for-mail
From: fake_em...@mail.i2p (lacroix_boi)
Newsgroups: rocksolid.shared.hacking
Subject: Re: noob trying to crack a md5 hash
Date: Fri, 20 May 2022 05:21:45 +0000
Organization: RetroBBS
Message-ID: <fe340c3e8ee7d84a9c3a2a98e98a18a6@rocksolidbbs.com>
References: <65d1ce0c7351d9420ebb59b90137bdbc@rocksolidbbs.com> <aed93d7d38b8286fea4b269fe353bbe1@rocksolidbbs.com> <643f8c4f45f2a822d492428a1ba0d59a@rocksolidbbs.com> <adbcb80d25e176510051d1a5b65b7d8c@rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1"; posting-host="rocksolidbbs.com:2604:a880:0:202a::9000";
logging-data="25090"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (www.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on rocksolidbbs.com
X-Rslight-Site: $2y$10$hYfvrAeN4.dLijlmDbKeyOhkjnTwcbZ45lyXtgtGmvYuGc6JbAWdy
X-Rslight-Posting-User: f423ef9802c62708da086fcb5c26aa554fa9b6cd
 by: lacroix_boi - Fri, 20 May 2022 05:21 UTC

no problem, i get my legit onion links from tor.taxi since i don't trust dark.fail or darknetlive.

And, yeah, pretty much. I didn't double check (although i will now) that the result i got also encrypts into the same hash i found. i used a specific wordlist with a specific set of rules on the hash and the output cat'd to a text file. it said "md5hashxxxxxxxx: passwordxxxxxx" so I presume it is correct.

is "cracking the hash" not the correct term for what i did?

--
Posted on RetroBBS

Re: noob trying to crack a md5 hash

<46ba4b247324a9fdbc6c98cd5a30300c@rocksolidbbs.com>

 copy mid

https://novabbs.com/computers/article-flat.php?id=462&group=rocksolid.shared.hacking#462

 copy link   Newsgroups: rocksolid.shared.hacking
Path: i2pn2.org!.POSTED.rocksolidbbs.com!not-for-mail
From: Anonym...@rocksolidbbs.com (Anonymous)
Newsgroups: rocksolid.shared.hacking
Subject: Re: noob trying to crack a md5 hash
Date: Fri, 20 May 2022 07:14:06 +0000
Organization: RetroBBS
Message-ID: <46ba4b247324a9fdbc6c98cd5a30300c@rocksolidbbs.com>
References: <65d1ce0c7351d9420ebb59b90137bdbc@rocksolidbbs.com> <aed93d7d38b8286fea4b269fe353bbe1@rocksolidbbs.com> <643f8c4f45f2a822d492428a1ba0d59a@rocksolidbbs.com> <adbcb80d25e176510051d1a5b65b7d8c@rocksolidbbs.com> <fe340c3e8ee7d84a9c3a2a98e98a18a6@rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1"; posting-host="rocksolidbbs.com:2604:a880:0:202a::9000";
logging-data="2472"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (www.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on rocksolidbbs.com
X-Rslight-Site: $2y$10$4eZFJAPR/g6466KHBlqPDeQGl4VkoZBzA0eyhPku6JT2z9JtCBH3i
X-Rslight-Posting-User: 7d1b1c0431a54fcbeb6112e1ac43419a90ad024c
 by: Anonymous - Fri, 20 May 2022 07:14 UTC

>is "cracking the hash" not the correct term for what i did?

I would use "cracking" more in connection with encryption, encryption being a two way function where you can find one solution for the encrypted data, which is the unencrypted data. A hash is a one way function, where you can find an infinite number of matches for any given hash.
But tomaaaatoes, tomatoes....

--
Posted on RetroBBS

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor