Determine Salt
Date: June 03, 2012 05:51PM
I have a site where I can see the users table.
I figured out that they are using some unique salt, because of the 20,000 people, there are no matching MD5 hashes.
I tried adding the userid before and after the plain text.
I have looked through all tables but cannot find any salt value.
I do not have read capabilities on files, so I cannot look at code.
How do you suggest I figure out the hash?
Make 100 accounts with the same password?
Use a tool?
thx
Re: Determine Salt
Date: June 18, 2012 06:35PM
I would try to attack the weakness of a short salt.
Create an account with a password that is 1 to 3 letters long, e.g. 'a' (if it will allow you to do so), get the password hash and run a rainbow table against it. If they use a short salt, then the chances are great to discover the salt if the password consists of only one to 3 letters.
For example:
Password: a
Salt: 194583
Result: a194583
If they allow numbers as a password, it would be even better!
Which would be fairly easy to run against, considering that an 8-char password can be 'cracked' in 12 minutes on a proper system.
Also try timestamps, time(), microtime(), rand(0,9) as salt; developers are lazy.
Edited 1 time(s). Last edit at 06/18/2012 06:39PM by Skyphire.
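Added example, not from the thread or either poster: a constructed Python model of the weak scheme the reply describes (short numeric salt appended to the password, plain MD5) next to a hardened replacement using a 16-byte CSPRNG salt and scrypt. The function and parameter names are assumptions for illustration; the point is how little a short or predictable salt adds to attacker cost.

```python
import hashlib
import hmac
import os

# Weak scheme modelled on the reply: md5(password + short numeric salt).
# Constructed for illustration; not the site's actual code.
def weak_hash(password: str, salt: str) -> str:
    return hashlib.md5((password + salt).encode()).hexdigest()

def weak_salt_candidates(digits: int) -> int:
    # An n-digit salt such as "194583" has only 10**n possible values, so it
    # multiplies a dictionary attack by at most 10**n instead of hiding the
    # password behind 128 bits of unpredictable input.
    return 10 ** digits

def same_password_same_salt_collides(password: str, salt: str) -> bool:
    # With a site-wide or guessable salt, two users sharing a password get the
    # same hash, which is exactly the pattern the original poster looked for.
    return weak_hash(password, salt) == weak_hash(password, salt)

# Hardened form (assumed replacement): per-user random salt from the OS CSPRNG
# plus a memory-hard KDF. Parameters are illustrative defaults.
SCRYPT_PARAMS = {"n": 2 ** 14, "r": 8, "p": 1, "dklen": 32}

def hardened_hash(password: str) -> str:
    salt = os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return f"scrypt${salt.hex()}${key.hex()}"

def verify(password: str, stored: str) -> bool:
    # Parse the stored record and recompute; constant-time compare avoids
    # leaking how many leading bytes matched.
    try:
        scheme, salt_hex, key_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != "scrypt":
        return False
    key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), **SCRYPT_PARAMS)
    return hmac.compare_digest(key.hex(), key_hex)

if __name__ == "__main__":
    print("weak:", weak_hash("a", "194583"), "salt space:", weak_salt_candidates(6))
    record = hardened_hash("a")
    print("hardened:", record, "verify:", verify("a", record))
```

Two calls to `hardened_hash` with the same password yield different records because each draws a fresh salt, which is the property the 20,000-row table in the question was (correctly) suspected of having.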