A look at the ServU password encryption and storage method - vulnerability warning - the black bar safety net

2009-01-15T00:00:00
ID MYHACK58:62200921960
Type myhack58
Reporter Anonymous
Modified 2009-01-15T00:00:00

Description

A look at the ServU password encryption and storage method

First, 2 random characters are generated (lowercase characters from a-z).

The user's original password is then appended to these 2 random characters to form a new password string.

For example: if the user's original password is a and the randomly generated characters are dx, the new password string after merging is "dxa".

An MD5 hash is then computed over the new password string.

dxa=F2319AE3B312103BB3259CA8242DD16C

The result is then stored in the ini file. The stored value is the 2 random characters followed by the MD5 hash of the new password string.

As follows:

[USER=a|1]
Password=dxF2319AE3B312103BB3259CA8242DD16c

by: air blue

----------------------------------------------------------------------------

ServU password cracking method:

Strip the first 2 random characters to obtain F2319AE3B312103BB3259CA8242DD16C.

Load this MD5 hash value into the brute-force tool. When generating the dictionary, note that every candidate password must begin with the 2 characters dx.

F2319AE3B312103BB3259CA8242DD16C=dxa

The online services that only handle purely numeric passwords are no good for this, so I had to look for a tool myself.

Tool: md5crack3.4
Download address: http://www.adintr.com

Open the program and, in its interface, choose to use a plug-in and select the template plug-in. Two templates are provided here, one for cracking digits and one for letters.

For example, if you want to crack jxE0AD5FBF101B18DB70A0CE163B1BE148:

Digits only: [j][x]1-8{0-9}
Letters only: [j][x]1-8{a-z}

ps: jx is the two leading letters, 1-8 is the number of characters to try, and 0-9 and a-z are the characters to try.
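The storage scheme described above, as an added Python example that is not from the original page or from ServU's code: it builds and checks a salt+MD5 value the way the page describes, then sets it beside a PBKDF2 record with a 16-byte salt. The function names, the UTF-8 encoding, the PBKDF2 record format and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets
import string

SALT_LEN = 2                                   # page: two random characters
SALT_ALPHABET = string.ascii_lowercase         # page: lowercase a-z
SALT_SPACE = len(SALT_ALPHABET) ** SALT_LEN    # only 676 possible salts
PBKDF2_ITERATIONS = 600_000                    # assumed example work factor


def servu_encode(password, salt=None):
    """Scheme as the page describes it: salt + MD5(salt + password)."""
    if salt is None:
        salt = "".join(secrets.choice(SALT_ALPHABET) for _ in range(SALT_LEN))
    # UTF-8 is an assumption; the page only shows ASCII passwords.
    digest = hashlib.md5((salt + password).encode("utf-8")).hexdigest().upper()
    return salt + digest


def servu_split(stored):
    """Split a Password= value into (salt, MD5 hex); reject other shapes."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    if len(digest) != 32 or any(c not in string.hexdigits for c in digest):
        raise ValueError("not a 2-character salt followed by an MD5 hex digest")
    return salt, digest.upper()


def servu_verify(stored, candidate):
    """The login-time check: a single MD5 call per password tested."""
    salt, digest = servu_split(stored)
    return hmac.compare_digest(servu_encode(candidate, salt)[SALT_LEN:], digest)


def hardened_encode(password, salt=None):
    """Contrast (hypothetical record format): 16-byte salt, slow KDF."""
    salt = salt or secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             PBKDF2_ITERATIONS)
    return "pbkdf2-sha256$%d$%s$%s" % (PBKDF2_ITERATIONS, salt.hex(), dk.hex())


def hardened_verify(stored, candidate):
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)
```

Because the salt is stored in the clear and the hash is a single MD5, the salt only defeats precomputed tables and each password check still costs one MD5 call. The PBKDF2 record makes every check cost the full iteration count.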