Hello folks, I'm doing a pentest on a server, and I got root access
through a Joomla web app, I got a dump of the jp_users table in MySQL,
however the passwords are obviously hashed and salted. I honestly
don't expect the passwords to be strong, so they can be bruteforced,
md5-looked up easily. However, how can I determine the salt value? I
already have root access on the server but I don't know where to look
in MySQL to find the salt value.
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
through a Joomla web app, I got a dump of the jp_users table in MySQL,
however the passwords are obviously hashed and salted. I honestly
don't expect the passwords to be strong, so they can be bruteforced,
md5-looked up easily. However, how can I determine the salt value? I
already have root access on the server but I don't know where to look
in MySQL to find the salt value.
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
[ reply ]