Posts: 11
Threads: 4
Joined: Sep 2017
Reputation:
0
10-26-2017, 08:21 PM
(This post was last modified: 02-15-2019, 05:46 PM by s3in!c.)
As per my other thread, I am adding support to cut or weird hashes MDXfind outputs and in my tool, I have to hash the plain to be able to find where the cuts are.
So can someone explain what MD5-3xMD5x01 and MD5-4xMD5x01 are? I know you are doing an MD5 of the plain, but I dont know what the MD5-4 part is doing.
Any help is appreciated.
Thanks
Posts: 11
Threads: 4
Joined: Sep 2017
Reputation:
0
10-26-2017, 08:34 PM
(This post was last modified: 02-15-2019, 05:46 PM by s3in!c.)
Also no idea how MD5SWAP works either.
For example: c3c61c45e19886e04c49725211dddd4c:3q35leud
Posts: 4
Threads: 0
Joined: Oct 2015
Reputation:
2
10-27-2017, 05:02 PM
(This post was last modified: 02-15-2019, 05:47 PM by s3in!c.)
MD5-3xMD5x01 e43b5d9f28f356c253c9763d88066831:password
MD5SWAPx01 5350640911fe01c72b11a77938c17dce:password
MD5-4xMD5x01 16e96ae9f2e6a0ad3c123f0b8e2e3f9d:password
MD5x01 5f4dcc3b5aa765d61d8327deb882cf99:password
echo -n 5f4dcc3b5aa765d61d8327deb882cf995f4dcc3b5aa765d61d8327deb882cf995f4dcc3b5aa765d61d8327deb882cf99 | md5um
e43b5d9f28f356c253c9763d88066831
MD5-3xMD5 is just 3 MD5's wide
echo -n 5f4dcc3b5aa765d61d8327deb882cf995f4dcc3b5aa765d61d8327deb882cf995f4dcc3b5aa765d61d8327deb882cf995f4dcc3b5aa765d61d8327deb882cf99 | md5sum
16e96ae9f2e6a0ad3c123f0b8e2e3f9d
And 4 MD5's
echo -n 1d8327deb882cf995f4dcc3b5aa765d6 | md5sum
5350640911fe01c72b11a77938c17dce
MD5SWAP swaps the upper and lower 16 bytes of the ascii-hex MD5 result, and re-hashes it.
Posts: 11
Threads: 4
Joined: Sep 2017
Reputation:
0
10-27-2017, 06:32 PM
(This post was last modified: 02-15-2019, 05:47 PM by s3in!c.)
Got it, thanks for the help.
Probably have a bunch more as I work through the list I found. Just adding support as I run into them.
Posts: 11
Threads: 4
Joined: Sep 2017
Reputation:
0
10-27-2017, 07:10 PM
(This post was last modified: 02-15-2019, 05:47 PM by s3in!c.)
few more please, if you dont mind:
MD5SQL5-32x01
MD5SQL5-40x01
MD5sub8-24MD5x01
MD5bcadx01
Thanks
Posts: 4
Threads: 0
Joined: Oct 2015
Reputation:
2
10-27-2017, 08:53 PM
(This post was last modified: 02-15-2019, 05:48 PM by s3in!c.)
MD5SQL5-40 is just the standard uppercase sha1(sha1raw($pass)) 40 ascii-hex characters
MD5SQL5-32 is different. It tries 8 different variations of upper/lower, with a *hash, without *, with 1*hash and length 32 or 33 (* with 32 characters). All variations of which are found in the wild.
MD5bcad just re-orders the 4 32-bit subfields in the md5 result (instead of abcd, it is bcad):
MD5x01 5f4dcc3b5aa765d61d8327deb882cf99:password
MD5bcadx01 5aa765d61d8327de5f4dcc3bb882cf99:password
MD5sub8-24 takes the 16 hex-ascii characters from the middle of the MD5, and runsh MD5 over that.
mdxfind -f /dev/null -z -h "the hashes you want" simple.dict
will give you example of each hash, for each word in the simple.dict....
