Web Application Security
Determine Salt used by MySQL in root'd server Jun 12 2011 08:00AM Voulnet (voulnet gmail com) (2 replies)
Re: Determine Salt used by MySQL in root'd server Jun 13 2011 04:58PM cp77fk4r (empty0page gmail com)
Re: Determine Salt used by MySQL in root'd server Jun 13 2011 04:57PM cp77fk4r (empty0page gmail com) (1 replies)

Another idea would be to create a couple of users, and since you have access to the database where the passwords are stored and you know what your passwords are, you should be able to deduce the salted part of your hashes.
Good luck!
-Samayel
Sent from my Blackberry® on the Videotron Mobile Network
-----Original Message-----
From: cp77fk4r <empty0page (at) gmail (dot) com>
Sender: listbounce (at) securityfocus (dot) com
Date: Mon, 13 Jun 2011 19:57:43
To: Voulnet <voulnet (at) gmail (dot) com>
Cc: webappsec (at) securityfocus (dot) com <webappsec (at) securityfocus (dot) com>
Subject: Re: Determine Salt used by MySQL in root'd server
Try to look in the source of the login page, or in some config file
that is included in it.
On Sunday, June 12, 2011, Voulnet <voulnet (at) gmail (dot) com> wrote:
> Hello folks, I'm doing a pentest on a server, and I got root access
> through a Joomla web app, I got a dump of the jp_users table in MySQL,
> however the passwords are obviously hashed and salted. I honestly
> don't expect the passwords to be strong, so they can be bruteforced,
> md5-looked up easily. However, how can I determine the salt value? I
> already have root access on the server but I don't know where to look
> in MySQL to find the salt value.
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now!
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
>
>