room362

Open full view…

Password Magic Numbers · Rob 'mubix' Fuller

Tue, 09 May 2017 15:37:53 GMT

waffle-real
Tue, 09 May 2017 15:37:53 GMT

The password, as shown, has a different hash. You can’t handle the truth! has a hex value of $HEX[596f752063616ee28099742068616e646c652074686520747275746821] Note the encoding of the ’ as e28099. You probably intended to use ', which does hash to the right value. This was one of the reasons that I invented the use of the $HEX[] encoding standard for passwords, which many programs have now adopted. Either way, MDXfind correctly hashes either version :-) NTLMx01 5ca0a91ef06fc93ae045fe0f801a0971:$HEX[596f752063616ee28099742068616e646c652074686520747275746821] NTLMx01 e478b144e719cff85a5f2028f0df1808:You can't handle the truth!

waffle-real
Tue, 09 May 2017 15:40:44 GMT

And, for what it is worth, MDXfind can use up to 10,000 character passwords, in almost all hash algorithms...

stephenlinderman
Thu, 25 May 2017 11:29:22 GMT

I am always impressed with your work mubix. Stay frosty!!

stephenlinderman
Thu, 25 May 2017 11:49:27 GMT

also I thought 42 was the magic number

adamkobukowski
Fri, 11 Aug 2017 07:13:49 GMT

While this is really interesting, I see this article as harmful. Why? Code crackers read it too, they will update their methods, GPUs will advance, so this article will be soon outdated, giving false and unsafe information.