Closed Dagon-Project closed 7 years ago
Ekultek
commented
7 years ago This is a linux password, you can (in the meantime) use openssl passwd -1 -salt <GIVEN SALT(xyz)> <THE PASSWORD>
It seems that the algorithm used is md5 and the salt used is xyz I'll create a patch for this and crack it for you, please allow up to 5 days.
Ekultek
commented
7 years ago Regex to match md5_crypt: https://regex101.com/r/0aZo04/1
Ekultek
commented
7 years ago baal@baal-Aspire-5733Z:~/bin/python/dagon$ python dagon.py -c '$1$xyz$jAlmRpcFe.aiPOIXET9GG/' --bruteforce -w /home/baal/big-list -S xyz back
Dagon .. Advanced Hash Manipulation v1.14.31.53(dev)
Clone: https://github.com/ekultek/dagon.git
[*] Starting up at 18:10:20..
[18:13:16 INFO] Using salt: 'xyz' on the 'back' of the hash...
[18:10:20 INFO] Reading from, /home/baal/big-list..
[18:10:20 INFO] Found 1 possible hash types to run against: md5 crypt
[18:10:20 INFO] Starting bruteforce with MD5 CRYPT..
---------------------------------------------------------------------------
[+] Match found:
---------------------------------------------------------------------------
[+] Clear Text: AmericanDad
[+] Hash: $1$xyz$yUYjtWk.fSujZmtlKRxlR1
[+] Tries attempted: 90190
[+] Algorithm Used: MD5 CRYPT
---------------------------------------------------------------------------
[*] Shutting down at 18:11:10..Cracked. Look for patch next update.
Ekultek
commented
7 years ago patched via a5c3102
Ekultek
commented
7 years ago And just for verification:
baal@baal-Aspire-5733Z:~/bin/python/dagon$ openssl passwd -1 -salt xyz AmericanDad
$1$xyz$yUYjtWk.fSujZmtlKRxlR1
baal@baal-Aspire-5733Z:~/bin/python/dagon$
Dagon has failed to crack given hash:
$1$xyz$yUYjtWk.fSujZmtlKRxlR1.This was attempted on
2017-08-11 16:03:24.044980..Commands that were used during failure:
['dagon.py', '-c', '$1$xyz$yUYjtWk.fSujZmtlKRxlR1', '--bruteforce', '-D', 'downloads']Algorithm attempted:
None