Tuesday, March 27, 2012

How to identify Different types of Password Hashes




DES (Unix)
Example: IvS7aeT4NzQPM
Used in Linux and similar OS.
Length: 13 characters.
Description: The first two characters are the salt (random characters in our Examples salt is the string "IV"), then follows the current hash.


Cached domain credentials
Example: Admin: b474d48cdfc4974d86ef4d24904cdd91
It is used to cache passwords for Windows domain.
Length: 16 bytes.
Algorithm: MD4 (MD4 (Unicode ($ pass)). Unicode (strtolower ($ username)))


MD5 (Unix)
Example: $ $ 1 $ 12,345,678 XM4P3PrKBgKNnTaqG9P0T /
Used in Linux and similar OS.
Length: 34 characters
Description: The signature hash begins with $ 1 $, then there goes the salt (up to 8 random characters in our Examples salt is the string "12345678"), then there is one plus the $ character, followed by current hash.
Algorithm: The truth is that it is a circuit called the MD5 algorithm 2000 times.

MD5 (APR)
Example: $ $ $ 12345678 auQSX8Mvzt.tdBi4y6Xgj apr1.
Used in Linux and similar OS.
Length: 37 characters
Description: The hash begins with the signing apr1 $ $, then there goes the salt (up to 8 random characters in our Examples salt is the string "12345678"), then there is one plus the $ character, followed by current hash.
Algorithm: The truth is that it is a circuit called the MD5 algorithm 2000 times.

MD5 (phpBB3)
Example: $ H $ 9123456785DAERgALpsri.D9z3ht120
3.x.x. used phpBB (forums)
Length: 34 characters.
Description: The signature hash begins with $ H $, then there is a character (usually the number '9 '), then there goes the salt (8 random characters in our Examples salt is the string "12345678"), followed by the current hash.
Algorithm: The truth is that it is a circuit called the MD5 algorithm 2048 times.


MD5 (Wordpress)
Example: $ P $ B123456780BhGFYSlUqGyE6ErKErL01
Used in Wordpress.
Length: 34 characters.
Description: The signature hash begins with $ P $, then there goes one of the characters (most often "B" number), then there goes the salt (8 random characters in our Examples salt is the chain "12345678"), followed by the current hash.
Algorithm: The truth is that it is a circuit called the MD5 algorithm 8192 times.


MySQL
Example: 606717496665bcba
Used in older versions of MySQL
Length: 8 bytes.
Description: The hash is composed of two DWORD, each not exceeding the value of 0x7fffffff.

MySQL5
Example: * E6CC90B878B948C35E92B003C792C46C58C4AF40
Used in new versions of MySQL5
Length: 20 bytes.
algorithm: SHA-1 (SHA-1 ($ pass))
Note: hashes to be loaded into the program without the asterisk is in the beginning of each hash.

RAdmin v2.x
Example: 5e32cceaafed5cc80866737dfb212d7f
Used in the application Remote Administrator v2.x
Length: 16 bytes.
Note: The password is padded with zeros to the length of 100 bytes, which hosts all the string with the MD5 algorithm.

MD5
Example: c4ca4238a0b923820dcc509a6f75849b
Used in v2.x phpBB, Joomla version 1.0.13 below and many other forums and CMS.
Length: 16 bytes.
Algorithm: Same as the function md5 () in PHP.

md5 ($ pass. $ salt)
Example: 6f04f0d75f6870858bae14ac0b6d9f73: 1234
Used in WB News, Joomla version 1.0.13 and above.
Length: 16 bytes.

md5 ($ salt. $ pass)
Example: f190ce9ac8445d249747cab7be43f7d5: 12
Used in osCommerce, AEF, Gallery and other CMS.
(OsCommerce had a bigger fault ..)
Length: 16 bytes.

md5 (md5 ($ pass))
Example: 28c8edde3d61a0411511d3b1866f0636
Used in e107, DLE, AVE, Diferior, Koobi CMS and others.
Length: 16 bytes.

md5 (md5 ($ pass). $ salt)
Example: 6011527690eddca23580955c216b1fd2: wQ6
Featured on vBulletin IceBB.
Length: 16 bytes.


md5 (md5 ($ salt). md5 ($ pass))
Example: 81f87275dd805aa018df8befe09fe9f8: wH6_S
Used in IPB.
Length: 16 bytes.

md5 (md5 ($ salt). $ pass)
Example: 816a14db44578f516cbaef25bd8d8296: 1234
Used in MyBB.
Length: 16 bytes.


md5 ($ salt. $ pass. $ salt)
Example: a3bc9e11fddf4fef4deea11e33668eab: 1234
TBDev used.
Length: 16 bytes.

md5 ($ salt.md5 ($ salt. $ pass))
Example: 1d715e52285e5a6b546e442792652c8a: 1234
Used in DLP.
Length: 16 bytes.

SHA-1
Example: 356a192b7913b04c54574d18c28d46e6395428ab
Used in many forums and CMS.
Length: 20 bytes.
Algorithm: Same as sha1 () in PHP.

sha1 (strtolower ($ username). $ pass)
Example: Admin: 6c7ca345f63f835cb353ff15bd6c5e052ec08e7a
Used in SMF.
Length: 20 bytes.

sha1 ($ salt.sha1 ($ salt.sha1 ($ pass)))
Example: cd37bfbf68d198d11d39a67158c0c9cddf34573b: 1234
Used in WoltLab BB.
Length: 20 bytes.

SHA-256 (Unix)
Example: $ $ 5 $ 12,345,678 jBWLgeYZbSvREnuBr5s3gp13vqiKSNK1rkTk9z YE1v0
Used in Linux and similar OS.
Length: 55 characters.
Description: The hash begins with the signing of $ 5 $, then there goes the salt (up to 8 random characters in our Examples salt is the string "12345678"), then there is one plus the $ character, followed by the current hash.
Algorithm: The truth is that it is a circuit called the algorithm SHA-256 5000 times.


SHA-512 (Unix)
Example: $ $ 6 $ 12,345,678 U6Yv5E1lWn6mEESzKen42o6rbEmFNLlq6Ik9X3reMXY3doKEuxrcDohKUx0Oxf44aeTIxGEjssvtT1aKyZHjs
Used in Linux and similar OS.
Length: 98 characters.
Description: The hash begins with the signing of $ 6 $, then there goes the salt (up to 8 random characters in our Examples salt is the string "12345678"), then there is one plus the $ character, followed by the current hash.
Algorithm: The truth is that it is a circuit called the algorithm SHA-512 5000 times.

Greetz: Team MetalSoft

2 comments for "How to identify Different types of Password Hashes"

  1. what type of hash would this be:
    \\?a3\\?da\x00(

    ReplyDelete
  2. need help what type of hash is this |02c21f4c1c52ba9216aafbaa5f769830a6dd82964d32b29fa7a6e78bb0f563610

    ReplyDelete

background