This topic contains 1 reply, has 2 voices, and was last updated by IUsedToBeACave 3 weeks, 5 days ago.
- September 24, 2020 at 2:06 am #310833
Hello! I have been pen testing my modem/router and I managed to find some hashes through a serial terminal on the router storage.
The default user:pass for the http server (boa) is user:user
I managed to grab this hash:
Does this correspond to the password: user? And what kind of hash is it?
- September 24, 2020 at 2:06 am #310834
It’s an MD5 hash without a salt, and then it is encoded to something that is very similar to base64, but is really just the encoding method used by *nix systems for storing the password hashes in the shadow file.
The MD5 hash of ‘user’ is ‘ee11cbb19052e40b07aac0ca060c23ee’.
The Base64 encoding of the previous hash is ‘7hHLsZBS5AsHqsDKBgwj7g==’
Again the actual mechanism to store the password isn’t base64, but encoding the MD5 hash of the string ‘user’ as Base64 creates a string that is very, very similar to the one in the unix password/shadow file.
- September 24, 2020 at 2:06 am #310835
First of all, change your user password. Now.
And second, try to find out whether your router can use something better than MD5 to hash that password; that’s not really secure anymore.
The answer you’re looking for is here: [https://www.cyberciti.biz/faq/understanding-etcshadow-file/](https://www.cyberciti.biz/faq/understanding-etcshadow-file/)
- September 24, 2020 at 2:06 am #310836
There is a tool with Kali [Hash-Identifier](https://tools.kali.org/password-attacks/hash-identifier) if you want to know what kind of hash it is.
- September 24, 2020 at 2:06 am #310837
The `$1$` prefix makes me think it *might* not be a simple MD5 hash. I’ve seen prefixes like that used with some “self-salting” hash algorithms before, like Bcrypt, where an example hash for “hello world” looks like:
Where the $12$ holds the “12 hashing iterations” parameter and the $2y$ part identifies the hashing algorithm used (e.g.: how a bcrypt validator function can know what version of bcrypt it’s using or whether the hash is even bcrypt at all, so it can skip bothering to validate it if you gave a completely invalid hash).
That said, it could just be an esoteric way of encoding an MD5 hash and it’s hard to identify for 100% certain what algorithm a hash was using apart from trying to guess by its characteristics, i.e. an MD5 hex hash is 32 characters long which is different to SHA-1 which is different to SHA-256. Some like bcrypt can be identified by its magic number prefix but others aren’t so easy.
At any rate: if you’re hoping to recover the plaintext password the only way is to 1) find the algorithm used, and 2) brute force guess every possible password until you find the one that hashes to an equivalent value. Tools like [John the Ripper](https://en.wikipedia.org/wiki/John_the_Ripper) may help here.
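As an added example (not code from any of the posters above), the Python below ties the two technical replies together: it reproduces the unsalted MD5 and Base64 values quoted in the second reply, classifies a hash string by its modular-crypt prefix or its hex/Base64 shape as the last reply describes, and implements the `$1$` md5crypt scheme from crypt(3) (salted MD5 stretched over 1000 rounds) so the difference between a `$1$` hash and a bare Base64-encoded MD5 digest is visible. The salt `abcdefgh` used in the comments is a constructed value, not the router's.

```python
import base64
import hashlib
import hmac
import re


def raw_md5_hex(password: str) -> str:
    """Unsalted MD5 of the password as 32 hex characters (what the second reply quotes)."""
    return hashlib.md5(password.encode()).hexdigest()


def raw_md5_base64(password: str) -> str:
    """The same 16-byte digest, Base64 encoded: 24 characters ending in '=='."""
    return base64.b64encode(hashlib.md5(password.encode()).digest()).decode()


# crypt(3) alphabet; note it is NOT the standard Base64 alphabet.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _to64(value: int, count: int) -> str:
    """crypt(3)-style 6-bit encoding, least significant group first."""
    out = []
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(out)


def md5_crypt(password: str, salt: str) -> str:
    """md5crypt as in the FreeBSD crypt_md5(): '$1$' + salt (max 8 chars) + '$' + 22 chars."""
    magic = b"$1$"
    pw = password.encode()
    if salt.startswith("$1$"):          # accept a full stored hash as the salt source
        salt = salt[3:]
    salt_b = salt.split("$", 1)[0][:8].encode()

    # Initial digest: pw, magic, salt, then len(pw) bytes drawn from MD5(pw + salt + pw).
    ctx = hashlib.md5(pw + magic + salt_b)
    alt = hashlib.md5(pw + salt_b + pw).digest()
    remaining = len(pw)
    while remaining > 0:
        ctx.update(alt[:min(remaining, 16)])
        remaining -= 16
    # For each bit of len(pw): a NUL byte if the bit is set, else the first password byte.
    i = len(pw)
    while i:
        ctx.update(b"\x00" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()

    # 1000 stretching rounds; what gets mixed in depends on the round number.
    for i in range(1000):
        c = hashlib.md5()
        c.update(pw if i & 1 else final)
        if i % 3:
            c.update(salt_b)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()

    f = final
    encoded = (
        _to64((f[0] << 16) | (f[6] << 8) | f[12], 4)
        + _to64((f[1] << 16) | (f[7] << 8) | f[13], 4)
        + _to64((f[2] << 16) | (f[8] << 8) | f[14], 4)
        + _to64((f[3] << 16) | (f[9] << 8) | f[15], 4)
        + _to64((f[4] << 16) | (f[10] << 8) | f[5], 4)
        + _to64(f[11], 2)
    )
    return "$1$" + salt_b.decode() + "$" + encoded


def verify_md5_crypt(password: str, stored: str) -> bool:
    """What a login routine does with a stored $1$ entry: rehash with its salt, compare in constant time."""
    return hmac.compare_digest(md5_crypt(password, stored), stored)


MCF_PREFIXES = {
    "1": "md5crypt (salted MD5, 1000 rounds)",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "sha256crypt", "6": "sha512crypt",
}


def identify(h: str) -> str:
    """Best-effort label from format alone; as the last reply says, the prefix is evidence, not proof."""
    m = re.fullmatch(r"\$([0-9a-z]+)\$(.*)", h)
    if m:
        return MCF_PREFIXES.get(m.group(1), f"modular crypt format, unknown id '{m.group(1)}'")
    if re.fullmatch(r"[0-9a-fA-F]+", h):
        return {32: "raw MD5 hex", 40: "raw SHA-1 hex", 64: "raw SHA-256 hex"}.get(len(h), "hex, unknown length")
    if re.fullmatch(r"[A-Za-z0-9+/]{22}==", h):
        return "Base64 of a 16-byte digest (e.g. raw MD5)"
    return "unrecognised"


if __name__ == "__main__":
    print(raw_md5_hex("user"), raw_md5_base64("user"))
    stored = md5_crypt("user", "abcdefgh")      # constructed salt, not from the router
    print(stored, identify(stored), verify_md5_crypt("user", stored))
```

The practical point for the original poster: a `$1$salt$...` string is not a Base64 rendering of an unsalted MD5 digest, and the two formats are distinguishable before any guessing is attempted; a stored `$1$` entry can only be checked the way the router's own login checks it, by rehashing a candidate with the same salt. Comparing with `hmac.compare_digest` avoids a timing side channel in that comparison.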