hashcat Forum
MySQL AES Encrypt - Printable Version




MySQL AES Encrypt - s500bg - 03-02-2015

Hi there. Does anybody know a way of using oclHashcat to crack the KEY of the MySQL AES_ENCRYPT encryption function?

I'm looking for the salt/key if I know the plaintext and hash.


RE: MySQL AES Encrypt - undeath - 03-02-2015

not possible.


RE: MySQL AES Encrypt - s500bg - 03-02-2015

How about the whole string? There MUST be a way to bruteforce AES_ENCRYPT hash.


RE: MySQL AES Encrypt - epixoip - 03-03-2015

It's not a hash, it's encrypted. You're asking how to brute force an AES key, which is either 2^128 or 2^256. This is not possible. You might have some luck if the developer screwed up and only used keys in the ASCII range, but then you're still looking at 95^16 or 95^32.


RE: MySQL AES Encrypt - s500bg - 03-03-2015

epixoip, I see your point, but not fully.
I *might* know how I can do it in PHP/MySQL.

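// Checking 0-100000.
// $hash: hex-encoded AES_ENCRYPT() output; $plain: the known plaintext.
for ($i = 0; $i < 100000; $i++)
{
    // mcrypt on PHP >= 5.6 rejects short keys, so NUL-pad the candidate to 16 bytes.
    $key = str_pad((string)$i, 16, "\0");
    $out = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, pack('H*', $hash), 'ecb');
    // mcrypt leaves the block padding in place, so compare only the leading bytes.
    if (substr($out, 0, strlen($plain)) === $plain)
    {
        echo 'Encrypt key: '.$i;
        die();
    }
}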

However, it's slow since it's using the CPU.


RE: MySQL AES Encrypt - epixoip - 03-03-2015

That's sort of the idea, except "0-100000" are not valid keys. The key is either going to be 16 or 32 characters long, depending on whether it's a 128-bit key or 256-bit key. And each character should be in the full 0x00 - 0xff range, unless the developer screwed up and used a printable key, in which case it will be in the 0x20-0x7e range.

It doesn't matter though, because even in the best-case scenario you're looking at 95^16, which can't be brute forced with even the largest clusters working on the fastest algorithms.
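
Added example, not part of any post in the thread: a key-strength check that puts numbers on the three key classes discussed above (the digits-only 0-100000 loop, printable 0x20-0x7e keys, and full 0x00-0xff keys). The guess rate is an assumed figure, the function names are hypothetical, and the sample keys are constructed.

```python
import math

# Assumed attacker speed, chosen only for illustration; not a figure from the thread.
ASSUMED_GUESSES_PER_SECOND = 1e12
SECONDS_PER_YEAR = 365.25 * 24 * 3600
AES128_BITS = 128


def keyspace_bits(alphabet_size, length):
    """log2 of the number of distinct keys of `length` symbols."""
    return length * math.log2(alphabet_size)


def classify_key(key):
    """Return (class, bits) using the key classes named in the thread.

    The class is inferred from the bytes actually present, so the result is
    an upper bound on the search space for an attacker who guesses that class.
    """
    if not key:
        raise ValueError("empty key")
    if key.isdigit():                          # e.g. the 0-100000 loop
        return "digits", keyspace_bits(10, len(key))
    if all(0x20 <= b <= 0x7E for b in key):    # printable ASCII, 95 symbols
        return "printable", keyspace_bits(95, len(key))
    return "binary", keyspace_bits(256, len(key))  # full 0x00-0xff range


def years_to_exhaust(bits, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every key in a 2**bits space."""
    return 2.0 ** bits / rate / SECONDS_PER_YEAR


def audit(key):
    """Summarise a key: class, bits, years, and whether it fills AES-128."""
    cls, bits = classify_key(key)
    return {"class": cls, "bits": round(bits, 1),
            "years": years_to_exhaust(bits), "full_strength": bits >= AES128_BITS}


if __name__ == "__main__":
    # Constructed sample keys, one per class.
    for sample in (b"12345", b"S3cretKey!S3cret", bytes(range(16))):
        print(sample, audit(sample))
```

A 16-character printable key comes out at about 105 bits rather than 128, which is the 95^16 figure from the thread; only a key drawn from the full byte range reaches the 2^128 space.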