---------------*nix系------------------------

系统:ES(Unix)

例子: IvS7aeT4NzQPM

说明:Linux或者其他linux内核系统中

长度: 13 个字符

描述:第1、2位为salt,例子中的'Iv'位salt,后面的为hash值

 

系统:MD5(Unix)

例子:$1$12345678$XM4P3PrKBgKNnTaqG9P0T/

说明:Linux或者其他linux内核系统中

长度:34个字符

描述:开始的$1$位为加密标志,后面8位12345678为加密使用的salt,后面的为hash

加密算法:2000次循环调用MD5加密

举例:

密文:$1$73$aCtXgEDmSyXAyRHJ.87e.0

明文:r9n3d2p6

unix系的md5 crypt算法,$1$作标示用,73是salt,aCtXgEDmSyXAyRHJ.87e.0 就是salt过的hash

linux下用openssl命令可以复现,具体命令:openssl passwd -1 -salt 73 r9n3d2p6

php里可以用这个函数 http://php.net/manual/en/function.crypt.php

cmd5好像只支持8位salt的md5 crypt,所以想破解的话只能自己用JTR啥的跑了,好在是md5,很快的。

 

系统:SHA-512(Unix)

例子:$6$12345678$U6Yv5E1lWn6mEESzKen42o6rbEm

说明:Linux或者其他linux内核系统中

长度: 13 个字符

描述:开始的$6$位为加密标志,后面8位为salt,后面的为hash

加密算法:5000次的SHA-512加密

 

系统:SHA-256(Unix)

例子:$5$12345678$jBWLgeYZbSvREnuBr5s3gp13vqi

说明:Linux或者其他linux内核系统中

长度: 55 个字符

描述:开始的$5$位为加密标志,后面8位为salt,后面的为hash

加密算法:5000次的SHA-256加密

 

系统:MD5(APR)

例子:$apr1$12345678$auQSX8Mvzt.tdBi4y6Xgj.

说明:Linux或者其他linux内核系统中

长度:37个字符

描述:开始的$apr1$位为加密标志,后面8位为salt,后面的为hash

加密算法:2000次循环调用MD5加密

 

-----------------windows------------------------------------------

系统:windows

例子:Admin:b474d48cdfc4974d86ef4d24904cdd91

长度:98个字符

加密算法:MD4(MD4(Unicode($pass)).Unicode(strtolower($username)))

 

------------------mysql--------------------------------------------

系统:mysql

例子:606717496665bcba

说明:老版本的MySql中

长度:8字节(16个字符)

说明:包括两个字节,且每个字的值不超过0x7fffffff

系统:MySQL5

例子:*E6CC90B878B948C35E92B003C792C46C58C4AF40

说明:较新版本的MySQL

长度:20字节(40位)

加密算法:SHA-1(SHA-1($pass))

 

------------------其他系统---------------------------------------------

系统:MD5(WordPress)

例子:$P$B123456780BhGFYSlUqGyE6ErKErL01

说明:WordPress使用的md5

长度:34个字符

描述:$P$表示加密类型,然后跟着一位字符,经常是字符‘B’,后面是8位salt,后面是就是hash

加密算法:8192次md5循环加密

 

系统:MD5(phpBB3)

说明:phpBB 3.x.x.使用

例子:$H$9123456785DAERgALpsri.D9z3ht120

长度:34个字符

描述:开始的$H$为加密标志,后面跟着一个字符,一般的都是字符‘9’,然后是8位salt,然后是hash   值

加密算法:2048次循环调用MD5加密

 

系统:RAdmin v2.x

说明:Remote Administrator v2.x版本中

例子:5e32cceaafed5cc80866737dfb212d7f

长度:16字节(32个字符)

加密算法:字符用0填充到100字节后,将填充过后的字符经过md5加密得到(32位值)

 

------------------------md5加密--------------------------------------------

标准MD5

例子:c4ca4238a0b923820dcc509a6f75849b

使用范围:phpBB v2.x, Joomla 的 1.0.13版本前,及其他cmd

长度:16个字符

其他的加salt及变形类似:

md5($pass.$salt)

例子: 6f04f0d75f6870858bae14ac0b6d9f73:1234

md5($salt.$pass)

例子:f190ce9ac8445d249747cab7be43f7d5:12

md5(md5($pass))

例子:28c8edde3d61a0411511d3b1866f0636

md5(md5($pass).$salt)

例子:6011527690eddca23580955c216b1fd2:wQ6

md5(md5($salt).md5($pass))

例子: 81f87275dd805aa018df8befe09fe9f8:wH6_S

md5(md5($salt).$pass)

例子: 816a14db44578f516cbaef25bd8d8296:1234

md5($salt.$pass.$salt)

例子: a3bc9e11fddf4fef4deea11e33668eab:1234

md5($salt.md5($salt.$pass))

例子: 1d715e52285e5a6b546e442792652c8a:1234


DES(Unix)

Example: IvS7aeT4NzQPM

Used in Linux and other similar OS.

Length: 13 characters.

Description: The first two characters are the salt (random characters; in our example the salt is the string “Iv”), then there follows the actual hash.

Notes: [1] [2]

Domain Cached Credentials

Example: Admin:b474d48cdfc4974d86ef4d24904cdd91

Used for caching passwords of Windows domain.

Length: 16 bytes.

Algorithm: MD4(MD4(Unicode($pass)).Unicode(strtolower($username)))

Note: [1]

 

MD5(Unix)

Example: $1$12345678$XM4P3PrKBgKNnTaqG9P0T/

Used in Linux and other similar OS.

Length: 34 characters.

Description: The hash begins with the $1$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string “12345678″), then there goes one more $ character, followed by the actual hash.

Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times.

Notes: [1] [2]

 

MD5(APR)

Example: $apr1$12345678$auQSX8Mvzt.tdBi4y6Xgj.

Used in Linux and other similar OS.

Length: 37 characters.

Description: The hash begins with the $apr1$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string “12345678″), then there goes one more $ character, followed by the actual hash.

Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times.

Notes: [1] [2]

 

MD5(phpBB3)

Example: $H$9123456785DAERgALpsri.D9z3ht120

Used in phpBB 3.x.x.

Length: 34 characters.

Description: The hash begins with the $H$ signature, then there goes one character (most often the number ’9′), then there goes the salt (8 random characters; in our example the salt is the string “12345678″), followed by the actual hash.

Algorithm: Actually that is a loop calling the MD5 algorithm 2048 times.

Notes: [1] [2]

 

MD5(WordPress)

Example: $P$B123456780BhGFYSlUqGyE6ErKErL01

Used in WordPress.

Length: 34 characters.

Description: The hash begins with the $P$ signature, then there goes one character (most often the number ‘B’), then there goes the salt (8 random characters; in our example the salt is the string “12345678″), followed by the actual hash.

Algorithm: Actually that is a loop calling the MD5 algorithm 8192 times.

Notes: [1] [2]

 

MySQL

Example: 606717496665bcba

Used in the old versions of MySQL.

Length: 8 bytes.

Description: The hash consists of two DWORDs, each not exceeding the value of 0x7fffffff.

 

MySQL5

Example: *E6CC90B878B948C35E92B003C792C46C58C4AF40

Used in the new versions of MySQL.

Length: 20 bytes.

Algorithm: SHA-1(SHA-1($pass))

Note: The hashes are to be loaded to the program without the asterisk that stands in the beginning of each hash.

 

RAdmin v2.x

Example: 5e32cceaafed5cc80866737dfb212d7f

Used in the application Remote Administrator v2.x.

Length: 16 bytes.

Algorithm: The password is padded with zeros to the length of 100 bytes, then that entire string is hashed with the MD5 algorithm.

 

MD5

Example: c4ca4238a0b923820dcc509a6f75849b

Used in phpBB v2.x, Joomla version below 1.0.13 and many other forums and CMS.

Length: 16 bytes.

Algorithm: Same as the md5() function in PHP.

md5($pass.$salt)

Example: 6f04f0d75f6870858bae14ac0b6d9f73:1234

Used in WB News, Joomla version 1.0.13 and higher.

Length: 16 bytes.

Note: [1]

 

md5($salt.$pass)

Example: f190ce9ac8445d249747cab7be43f7d5:12

Used in osCommerce, AEF, Gallery and other CMS.

Length: 16 bytes.

Note: [1]

 

md5(md5($pass))

Example: 28c8edde3d61a0411511d3b1866f0636

Used in e107, DLE, AVE, Diferior, Koobi and other CMS.

Length: 16 bytes.

 

md5(md5($pass).$salt)

Example: 6011527690eddca23580955c216b1fd2:wQ6

Used in vBulletin, IceBB.

Length: 16 bytes.

Notes: [1] [3] [4]

 

md5(md5($salt).md5($pass))

Example: 81f87275dd805aa018df8befe09fe9f8:wH6_S

Used in IPB.

Length: 16 bytes.

Notes: [1] [3]

 

md5(md5($salt).$pass)

Example: 816a14db44578f516cbaef25bd8d8296:1234

Used in MyBB.

Length: 16 bytes.

Note: [1]

 

md5($salt.$pass.$salt)

Example: a3bc9e11fddf4fef4deea11e33668eab:1234

Used in TBDev.

Length: 16 bytes.

Note: [1]

 

md5($salt.md5($salt.$pass))

Example: 1d715e52285e5a6b546e442792652c8a:1234

Used in DLP.

Length: 16 bytes.

Note: [1]

 

SHA-1

Example: 356a192b7913b04c54574d18c28d46e6395428ab

Used in many forums and CMS.

Length: 20 bytes.

Algorithm: Same as the sha1() function in PHP.

 

sha1(strtolower($username).$pass)

Example: Admin:6c7ca345f63f835cb353ff15bd6c5e052ec08e7a

Used in SMF.

Length: 20 bytes.

Note: [1]

 

sha1($salt.sha1($salt.sha1($pass)))

Example: cd37bfbf68d198d11d39a67158c0c9cddf34573b:1234

Used in Woltlab BB.

Length: 20 bytes.

Note: [1]

 

SHA-256(Unix)

Example: $5$12345678$jBWLgeYZbSvREnuBr5s3gp13vqiKSNK1rkTk9zYE1v0

Used in Linux and other similar OS.

Length: 55 characters.

Description: The hash begins with the $5$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string “12345678″), then there goes one more $ character, followed by the actual hash.

Algorithm: Actually that is a loop calling the SHA-256 algorithm 5000 times.

Notes: [1] [2]

 

SHA-512(Unix)

Example: $6$12345678$U6Yv5E1lWn6mEESzKen42o6rbEmFNLlq6Ik9X3reMXY3doKEuxrcDohKUx0Oxf44aeTIxGEjssvtT1aKyZHjs

Used in Linux and other similar OS.

Length: 98 characters.

Description: The hash begins with the $6$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string “12345678″), then there goes one more $ character, followed by the actual hash.

Algorithm: Actually that is a loop calling the SHA-512 algorithm 5000 times.

Notes: [1] [2]

————————————————-

Notes:

[1] Since the hashing requires not only a password but also a salt (or a user name), which is unique for each user, the attack speed for such hashes will decline proportionally to their count (for example, attacking 100 hashes will go 100 times slower than attacking one hash).

[2] The hash is to be loaded to the program in full, to the “Hash” column – the program will automatically extract the salt and other required data from it.

[3] The ‘:’ character can be used as salt; however, since it is used by default for separating hash and salt in PasswordsPro, it is recommended that you use a different character for separating fields; e.g., space.

[4] Salt can contain special characters – single or double quotes, as well as backslash, which are preceded (after obtaining dumps from MySQL databases) by an additional backslash, which is to be removed manually. For example, the salt to be loaded to the program would be a’4 instead of a\’4, as well as the salts a”4 instead of a\”4 and a\4 instead of a\\4.

from:http://forum.insidepro.com/viewtopic.php?t=8225

unix hash加密方式判断

unix下:

$1开头为MD5

$5开头为SHA256

$6开头为SHA512

DES和明文开头无标记

留言评论(旧系统):

佚名 @ 2013-01-25 14:56:39

问下核总以下这种加密是什么方式的(密文后门都有带 = 号): AxaYeErJ01g= 2IPITHog3ZbjoR3aMrLnnQ== Zoj3OZedYVWNSQpm/YNu7w==

本站回复:

这不是加密,这是base64编码,解码后为二进制数据(不要认为所有密码都是可显示字符),这段二进制便为密匙。

佚名 @ 2013-01-26 08:31:56

再请教下核总: 解密前的密文:SI/crom508IRZV5829iGpg== base64编码后的密文:U0kvY3JvbTUwOElSWlY1ODI5aUdwZz09 问下要什么方式才能解密出密码(哪种解密方式)。

本站回复:

没明白你想表达什么,我只看到: 1、Base64(SI/crom508IRZV5829iGpg==) 等于 U0kvY3JvbTUwOElSWlY1ODI5aUdwZz09 2、SI/crom508IRZV5829iGpg== 等于 Base64(一串二进制数据) 3、这串二进制数据应该是加密后的密匙,由于二进制数据为不可显示字符串,所以一般程序员都将它编码成base64字符串,使之成为可显示字符串(也就是:SI/crom508IRZV5829iGpg==),方便查询。 4、至于这段二进制数据是如何加密的,呵呵,告诉你吧,几乎所有加密算法的加密结果都是二进制数据,他可能是 MD5 也可能是 Sha1,由于你给出的信息量太少,所以这里无法判断…… 5、你平时看到的MD5密文,其实也是二进制数据,只不过是以十六进制方式表示罢了,和base64编码的目的一样,使之成为可显示字符串,方便管理。 6、所以,如果假设这段二进制为MD5加密的,那么只需要将这段二进制数据以十六进制方式显示,即可得到传统的MD5密文,例如 SI/crom508IRZV5829iGpg== 解码后的二进制数据所对应的十六进制字符串为:488fdcae89b9d3c211655e7cdbd886a6 7、大部分MD5破解网站都支持Base64格式的MD5密文,直接破解即可。 详细:http://lcx.cc/?i=3304

佚名 @ 2013-01-28 12:56:38

再次请教下核总,Radmin加密的MD5是不是没有办法破解的,我找了很多资料好像破解Radmin都是用别人反编译后的Radmin_Hash直接输入HASH进行连接的。就想问下你Radmin怎么才能破解出它的明文密码?

本站回复:

没有研究过,看文中说“字符用0填充到100字节后,将填充过后的字符经过md5加密得到”,那么也就是说将原始密文用0填充到100字节,原始密文长度变长了,增加了MD5破解难度,没有现成的破解程序。 按照它的处理过程,你倒是可以试试字典破解,和传统方式一样,只是这里将字典每个密码用0填充到100字节,然后使用MD5加密,与密文比对。

佚名 @ 2013-08-08 08:59:36

0oT{oHvKCBcZydCoBffKVGBusZkP1w9UDxaW3o/gv0BPRCYnMFJWTFeu18QubwyP,,,,64位的,在win2003上MYSQL中取出的,如何判断加密类型?谢谢

本站回复:

Base64编码的加密数据,类型不清楚。

会飞的猪 @ 2014-02-09 17:05:23

此为何种加密方式,密文有时候是16位,有时候是32位,如下 B26217233137DCDC,9374E6D17CE51EFE0A341FD0C1093CDA

本站回复:

看样子是MD5,但一般都会用16或32固定长度,你这个为什么有时候是32位。

会飞的猪 @ 2014-02-09 17:26:22

应该不是MD5,因为没有一个查的出来,他就是有的密文是16位的,有的密文是32位的,让我纠结啊。。

本站回复:

你最好弄些明文和对应的密文样本作比较,找规律。

佚名 @ 2016-06-14 07:24:07

求教密文类型 POST数据:s=E2E05321FCA478C2397B45871E43260171577CDBD1079542E13D0FEAF1228E8A75D8CC0257C0071F23DECC2D10FBC36380C1EA9BB1BED69892BAAAB882FFA244488E824AAF511C1946978E561F5707866D8F1A3538751D5937F99CD239D5864B5FFA89C56B2379EED429BE9259D5AF1A2CC0A2EB46ECA932B5984CF0F326884F 回包: 488E834FE557051A419BCF0F4C1F44893B8C05603C71025F32FE8626E3D662BC588A71206A2A8273D2AE5995A8FC72E2DEC1A413A6EBD3C8349CCB17EE5C0088363E19D773A426CD54B01125B17A171591CBC0

本站回复:

[暂无回复]