Cracking the MD5 passwords?
 

Alright I'm tired of this bullshit. I really need to find a way to crack up the MD5 passwords of a user in the database because my forums keep getting hacked over and over again and I have a way to prevent this from happening in the future. I don't care what it's gonna cost me as long as I can find out the passwords.

So any help is greatly appreciated!

you cant crack em... they are salted so basically impossible... even those bruters cant figure out the hashes but you can be getting hacked by them hijacking a cookie of yours and then using that salted hashed that is still encrypted to log in...

just a thought :)

Of course I can crack them. Everything is possible in vBulletin, if you ask me. But only if Jelsoft would be nice enough to tell me on how to do that.

well wouldnt that just ruin the whole security experience? lol

Well wouldn't you rather be safe about the whole thing as well?

well prolly but im sure thats all they can do... i mean salted hashes is the highest security you can get with passwords... its hella better than IPBs salted hashes

I don't understand your logic...

You want to prevent hacking by cracking your passwords? Doesn't make sense to me. :)

Anyway... an md5 hash is a 32char unique (not 100% unique, but close) string using hex numbers. Hashes are one way, so you can't "crack" them, but you can try to find other strings which give you the same hash result (aka a collision). Since the passwords as hashed twice like this:

md5(md5(password) . salt)

it will take a LOT of CPU power to try and find the original password. You'd first to first get all the 32 + salt (3?) character strings that give you the final hash, and then of all of those, you'd have to find all the possible strings that give you the first 32 characters of it.



I think it's safe to say the password storing method is NOT the problem here.

You don't understand why I'm doing this, SirAdrian. I have a few members who are well known as hackers on my forums so I'm thinking of cracking up their passwords on my forums and see if they work on THEIR forum so I can gain access to their ACP and their stupid ass hidden forum which has all the info of hacking vBulletin sites. I wish if vB.com/Jelsoft could do something about that vB site since it's all related to porn and hacking which I doubt that they will take any action. And since Jelsoft won't be able to do this and no one is able to stop them, why can't I do that instead? You don't realize how many Final Fantasy forums they have hacked lately and you don't even know a thing or two about them. Seeing as my FF forum is doing great, I believe I am their next target now. I've been hacked for once already but no, not this time sorry.

I am going through a lot of stress and pain here just so I could find the hashed passwords. I hope someone will be able to help me out here.

Oh that's all I gotta do? Well, it looks simple to me. I mean, I can always hire a professional coder to do that for me. And I'm sure someone in here might be able to do that.

However "noble" your intentions may be, I do believe you can get into trouble with the law for doing this.

So I will be getting into trouble and not them since they are the ones who go around forums and hack them up? That's pathetic!