MD5: Need Advice
#1
Hi All -

I am working on trying to recover a lost password for a super locked down "appliance" device that has all local accounts with no access or disabled. It is providing critical business functionality, both the vendor employees and others that have access do not remember their passwords and all the system accounts for the web management tool have been lost. Vendors advice to wipe the system and reconfigure by hand from the ground up is not palatable, and would likely require atleast 24 hours of downtime for a patient monitoring system.

I have hashes for the users on the system, and the information used to generate them as well as the methodology for the encoding. The passwords are in MD5 format and are generated using this:

MD5(MD5(username)MD5(password)) 

Since I have the username, I can supply that, but I am looking at the hashcat options and it looks like this is the best match: 

3910
md5(md5($pass).md5($salt))
250920b3a5e31318806a032a4674df7e:1234


How can I go about setting something up for this? Obviously, in that configuration I have the "pass" but not the "salt" because the salt is the password, which I need to break. Is there a way around this? Did I miss something in the documentation? If there's a way to do this with masks and lengths, I have the length of the username obviously.

Edit: To be clear. I don't think I can use MD5($salt.MD5($pass)). In my testing I found that if I take the hex string of the MD5 hash for the username in my case and use that, I do not get the same value. I have to pass the byte[].
#2
Yeah, it sounds like you need a mode that I don't think hashcat currently supports:

md5(md5($salt).md5($pass))

You could then format your hashes as [hash]:[username], and use the username as the 'salt'.

There are probably other tools that support this format.
~
#3
(05-12-2017, 01:33 AM)royce Wrote: Yeah, it sounds like you need a mode that I don't think hashcat currently supports:

md5(md5($salt).md5($pass))

You could then format your hashes as [hash]:[username], and use the username as the 'salt'.

There are probably other tools that support this format.

Hi Royce - do you know of another tool? I would like to use hashcat, but if I have to, I can use a CPU only one. I have access to some biggie size hosts with dual 12core with HT xeons, or other options.
#4
I haven't tried it, but MDXfind might support it? It lists "MD5-MD5SALTMD5PASS". MDXfind supports CPU.
~
#5
well, you could just use -m 3710 = md5($salt.md5($pass)) together with --hex-salt (because you said that the first MD5 is in binary not hex), an example (hashes mask with xxxx):

Code:
$ echo -n PWn3R | md5sum
1d0fxxxx06550cdexxxxxxcd52b0xx75
$ echo -n hashcat | md5sum
8743bxx063xxxx097a65d1xx3f5c74xx
$ echo -en "\x1d\x0f\xxx\xxx\x06\x55\x0c\xde\xxx\xxx\xxx\xcd\x52\xb0\x97\x758743bxx063xxxx097a65d1xx3f5c74xx" | md5sum
4507xx379f96xxxxfce75f4b4exx80c1
$ < hash cat
4507xx379f96xxxxfce75f4b4exx80c1:1d0fxxxx06550cdexxxxxxcd52b0xx75
$ ./hashcat -m 3710 -a 3 -w 3 --hex-salt hash ?l?l?l?lcat
4507xx379f96xxxxfce75f4b4exx80c1:1d0fxxxx06550cdexxxxxxcd52b0xx75:hashcat

So there is no need to use a different tool here, you just need to convert the list to hash:hex_salt and use -m 3710 with --hex-salt (as simple as this!).

Futhermore, what I really do not understand at all about this "problem" is why you would even think about cracking those hashes... What I mean is... if you have access to the database and the hash list etc... why do you not just make a backup/copy of everything and later on generate a "new" correct hash (with correct user name and apply the hash algorithm to the username and pass pair etc) and replace the hash with your newly generated one.

Normally you would only need to crack the hash whenever you really want to know the password in such cases, otherwise you could probably just easily bypass the login with substituted login data (I think you just need to replace the hash here and you should be able to log in)...
... or am I missing something ? In general bypassing the login in such situations is much more clever instead of spending thousands of dollars in a GPU rig and a lot of time to crack them... but as said, your situation might be different, but it's not clear from your first post
#6
Wise philsmd is wise.
~
#7
(05-12-2017, 08:55 AM)philsmd Wrote: well, you could just use -m 3710 = md5($salt.md5($pass)) together with --hex-salt (because you said that the first MD5 is in binary not hex), an example (hashes mask with xxxx):

Code:
$ echo -n PWn3R | md5sum
1d0fxxxx06550cdexxxxxxcd52b0xx75
$ echo -n hashcat | md5sum
8743bxx063xxxx097a65d1xx3f5c74xx
$ echo -en "\x1d\x0f\xxx\xxx\x06\x55\x0c\xde\xxx\xxx\xxx\xcd\x52\xb0\x97\x758743bxx063xxxx097a65d1xx3f5c74xx" | md5sum
4507xx379f96xxxxfce75f4b4exx80c1
$ < hash cat
4507xx379f96xxxxfce75f4b4exx80c1:1d0fxxxx06550cdexxxxxxcd52b0xx75
$ ./hashcat -m 3710 -a 3 -w 3 --hex-salt hash ?l?l?l?lcat
4507xx379f96xxxxfce75f4b4exx80c1:1d0fxxxx06550cdexxxxxxcd52b0xx75:hashcat

So there is no need to use a different tool here, you just need to convert the list to hash:hex_salt and use -m 3710 with --hex-salt (as simple as this!).

Futhermore, what I really do not understand at all about this "problem" is why you would even think about cracking those hashes... What I mean is... if you have access to the database and the hash list etc... why do you not just make a backup/copy of everything and later on generate a "new" correct hash (with correct user name and apply the hash algorithm to the username and pass pair etc) and replace the hash with your newly generated one.

Normally you would only need to crack the hash whenever you really want to know the password in such cases, otherwise you could probably just easily bypass the login with substituted login data (I think you just need to replace the hash here and you should be able to log in)...
... or am I missing something ? In general bypassing the login in such situations is much more clever instead of spending thousands of dollars in a GPU rig and a lot of time to crack them... but as said, your situation might be different, but it's not clear from your first post

I'm too tired to properly digest what you put above, but I can't modify the file this came from. The root account (broke that hash) is disabled. All other console access is blocked because the users have no shell in passwd. 

These md5(md5(salt)md5(pass)) hashes are from the built in admin webpage, not webmin which is also on the server. I read this file along with shadow and passwd using a webmin exploit with a username that has limited access. The webmin is stripped, customized and most modules are disabled and their files deleted.

I reverse engineered the hash using my account which does not have the right access, but has some access to that admin page. I had the hash and played with it until I could recreate my hash using my information and what was in the file. 

This is literally matched using c# doing md5 of the md5 of my username and the md5 of my password hashes concatenated as outlined above. If you use the hex value it doesn't work. 

Do you still think what you linked above will work? Happy to try tomorrow. I also spent two full work days trying to find a working write to file exploit so I could get console access. Also forgot ssh is disabled, postres is installed, but 127 is only allowed address and is not used for user management.

Edit: So tired I forgot to say thank you to both of you for you input.
#8
If you are sure that the algorithm is:

md5_hex(md5($salt) . md5_hex($pass))

... where md5 (x) is the binary/raw output and md5_hex (y) is the hexadecimal output...
then it should work.

just try it either with hashcat or try to use the same credentials (username: "PWn3R", password: "hashcat") with your code to see if you end up with the same final MD5
#9
(05-12-2017, 09:17 AM)philsmd Wrote: If you are sure that the algorithm is:

md5_hex(md5($salt) . md5_hex($pass))

... where md5 (x) is the binary/raw output and md5_hex (y) is the hexadecimal output...
then it should work.

just try it either with hashcat or try to use the same credentials (username: "PWn3R", password: "hashcat") with your code to see if you end up with the same final MD5

Sorry I should've been more clear it's definitely binary value of md5 of user and a separate binary value of md5 of pass concatenated and then md5 and written as a hex string. If I md5 any of them in hex I get a completely different string. I will double check tomorrow but my working code was hex output of the md5 result of separate md5s of username and password concatenated as byte arrays.

String in file is hex of md5(binarymd5value(user)binarymd5value(pass)) I can upload code tomorrow if that is helpful but will also test what you suggested.

Thanks again!
#10
(05-12-2017, 09:26 AM)PWn3R Wrote:
(05-12-2017, 09:17 AM)philsmd Wrote: If you are sure that the algorithm is:

md5_hex(md5($salt) . md5_hex($pass))

... where md5 (x) is the binary/raw output and md5_hex (y) is the hexadecimal output...
then it should work.

just try it either with hashcat or try to use the same credentials (username: "PWn3R", password: "hashcat") with your code to see if you end up with the same final MD5

Sorry I should've been more clear it's definitely binary value of md5 of user and a separate binary value of md5 of pass concatenated and then md5 and written as a hex string. If I md5 any of them in hex I get a completely different string. I will double check tomorrow but my working code was hex output of the md5 result of separate md5s of username and password concatenated as byte arrays.

String in file is hex of md5(binarymd5value(user)binarymd5value(pass)) I can upload code tomorrow if that is helpful but will also test what you suggested.

Thanks again!

philsmd - trying to understand exactly what you were saying. I apologize, this is my first serious foray into anything like this. Are you saying that I can do something like this:

echo -n "username, which is my salt" | md5sum
14c4b06b824ec593239362517f538b29 - this doesn't match just for example sake


Then run hashcat with 3710 and supply the md5'd hash in hex format with --hex-salt along with the original hash? I'd be feeding the salt that is md5'd already.

Edit: I just tested my theory. Unfortunately, it didn't work. I tried this: 

hashcat64.exe -m 3710 -a 3 -1 ?d --gpu-temp-disable --session=all -p : --hex-salt --status --status-timer=5 -w 2 fullhashhere:hexhashofusernamehere ?1?1?1?1?1?1

I used an account where I know both the username and the password as well as the final hash from the file, which I have duplicated using my test C# app. Unfortunately, I get no matches.

Thanks again to both of you for the help!