Topic: How to check MtGox Hashdump for your password? (Read 3769 times)

full member
Activity: 154
Merit: 100
So I found out I'm in the latest lulzsec release due to an old account on hackforums.net which they dumped the whole DB from

Can anyone help me validate my hash/salt with possible passwords? 

A given entry from the db leak is


,(69593, '[REDACTED]', 'eace3bb282ccf8e94c3deecca34387cd', 'Nc35cumy', 'jqU7rP8f72wSyaluRJWvASydPueY8pyGnIWHUTgQB4iAT1PVdb', '[REDACTED]', 7, 0, 0.00, NULL, NULL, NULL, 2, NULL, 0, NULL, 1245380456, 1280737988, 1280736651, 1280731356, NULL, 0, NULL, NULL, NULL, '13-1-1991', 'all', NULL, NULL, 1, 0, 0, 0, 1, 2, 0, 'linear', 1, 1, 1, 1, 0, 0, 0, NULL, NULL, -5, 1, 2, NULL, NULL, 3, 0, 0, 0, NULL, '1**$%%$2**$%%$3**$%%$4**', NULL, 58522, 0, 0, '70.127.62.142', '97.96.9.20', 1633683732, 1182744206, 'english', 28895, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, 0, NULL)

password hash is the 3rd entry and salt is the 4th entry, so eace3bb282ccf8e94c3deecca34387cd:Nc35cumy in this example (not my account obv)

I tried using the same perl crypt() script that I used for the Gox leak but it's not outputting a hash in the format I see in the leaked data.

Please help! 
member
Activity: 84
Merit: 10
i have no idea, but there was a thread last night linking to this forum that probably would know:
http://forum.insidepro.com/viewtopic.php?t=9124&postdays=0&postorder=asc&start=75&sid=1a9e31567fe815c0eea63c40c39fb707
newbie
Activity: 1
Merit: 0
I don't remember my mtgox password either.

I'm not having much luck with ihashgpu.
It wants a HEX input for the pass, but the password hash is stored as something like base64. I say "something like" because the hashes are not stored in standard base64.

How do you get it to handle salted passwords of the form: $1$E1xAsgR1$vPt0d/L3f81Ys3SxJ7rIh ?



member
Activity: 84
Merit: 10
spread this around so all the exchanges will take note.

http://www.golubev.com/hashgpu.htm



it uses the same hardware we are mining with.
hero member
Activity: 826
Merit: 1000
°^°
I don't know how people manage to remember dozens of different long passwords.
I'm sure there are others.

The problem is, it's like a sheet of paper hidden at home: you can't take it anyway with you.
Like being in the university or public computers, where you can't even run your soft from usb key
newbie
Activity: 9
Merit: 0
any way without setting up apache? have windows and a linux vserver for use

basically i just want to take the salt from my line in the csv, then try some of the passwords i mostly use.
If you were, for example, the first line in the file:
Code:
1,jed,[email protected],$1$E1xAsgR1$vPt0d/L3f81Ys3SxJ7rIh/
Use the following command on practically any linux box (all you need is openssl installed):
Code:
$ openssl passwd -1 -salt E1xAsgR1
You will then be prompted for the password and shown the full salted-hash value. Repeat as necessary.
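
The check described in the post above, wrapped in a small script, as an added example that is not part of the original thread. The function names `md5crypt_salt` and `check_candidates` are hypothetical and the sample entry is constructed locally; the script rejects entries whose digest part is not the 22 characters MD5-crypt produces, which catches a line copied without its last character.

```shell
#!/bin/sh
# Added example: test a few of your own candidate passwords against one
# MD5-crypt ($1$) entry. Function names are hypothetical.

# Print the salt of "$1$<salt>$<digest>"; reject anything else.
# The ( ) function body keeps the variables local in plain POSIX sh.
md5crypt_salt() (
    entry=$1
    case $entry in
        '$1$'*'$'*) ;;
        *) echo "not an MD5-crypt entry" >&2; return 2 ;;
    esac
    rest=${entry#'$1$'}
    salt=${rest%%'$'*}
    digest=${rest#*'$'}
    # MD5-crypt salts are 1-8 characters; the digest is always 22.
    if [ -z "$salt" ] || [ "${#salt}" -gt 8 ] || [ "${#digest}" -ne 22 ]; then
        echo "malformed or truncated entry" >&2; return 2
    fi
    printf '%s\n' "$salt"
)

# check_candidates <entry> <candidate>...
# Prints the 1-based position of the matching candidate (never the
# password itself); returns 1 when none match, 2 on a bad entry.
check_candidates() (
    entry=$1; shift
    salt=$(md5crypt_salt "$entry") || return 2
    i=0
    for cand in "$@"; do
        i=$((i + 1))
        # -stdin keeps the candidate out of the process list.
        computed=$(printf '%s\n' "$cand" |
            openssl passwd -1 -salt "$salt" -stdin)
        if [ "$computed" = "$entry" ]; then
            echo "$i"; return 0
        fi
    done
    return 1
)

# Constructed sample: an entry generated locally from a made-up password.
sample=$(printf '%s\n' 'constructed-pass-2' |
    openssl passwd -1 -salt E1xAsgR1 -stdin)
check_candidates "$sample" 'constructed-pass-1' 'constructed-pass-2'
```

Pass the fourth CSV field of your own line as the first argument, in single quotes so the shell does not expand the `$` signs.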
newbie
Activity: 9
Merit: 0
I don't know how people manage to remember dozens of different long passwords.
I'm sure there are others.
newbie
Activity: 11
Merit: 0
I don't know how people manage to remember dozens of different long passwords.
http://lastpass.com/
hero member
Activity: 826
Merit: 1000
°^°
I don't know how people manage to remember dozens of different long passwords.
i mostly can't even learn a new pin for my bank card so i have to laser code them on the cards...

but i got it with the .php method on my webspace, it was to my luck not the most important one
newbie
Activity: 1
Merit: 0
Yep -- found my username and e-mail address on the .csv
Rule number one: use a unique password for every web site you use -- especially e-commerce sites of any kind
Rule number two: sixteen characters or more, mixed upper/lowercase/numbers/symbols
Rule number three: change them frequently

My MtGOX password was exclusive to MtGOX, and followed the above rules. Expected this to happen on at least one site on which I trade securities sooner rather than later.

Life goes on.
hero member
Activity: 826
Merit: 1000
°^°
any way without setting up apache? have windows and a linux vserver for use

basically i just want to take the salt from my line in the csv, then try some of the passwords i mostly use.
newbie
Activity: 6
Merit: 0
$1$ means it's using MD5. Use the crypt command.
hero member
Activity: 826
Merit: 1000
°^°
That's not the one. It's something with perl and you insert your salt from between $1$...$ there!

I am not doubting if it is easy enough to be cracked, I just want to check which one I used on the account!
because it could be that I used exactly the harder one like on the email I used there = problem
or I used my default easy i-dont-care-just-creating-test-account one. Then I just say screw that...
newbie
Activity: 6
Merit: 0
On a linux system:

echo yourpassword | sha1sum

But I think unless you used a really, really, really good password (20+ characters alpha, numeric, specials) it's in all the rainbow tables and is completely compromised.
hero member
Activity: 826
Merit: 1000
°^°
I read about a perl command line, which creates the salted hash with a given password.

Does anyone remember?

Forget which key I used on a 2nd mtgox account, would like to check if it was one of my important or less important passwords, so I know if I need to change them anywhere else.