Recover Password from md5

[rahhal81]

Hello,

step to generate this code :
md5($hash.$pass.$salt)

Example 1:
hash = c07845847e682be54a8fc912963df26e
salt = 50001711302155
md5 = 11b0c79af9ceb4a9d4ed1bb6f24aa6d8
pass = ??
**. md5($hash.$pass.$salt)
11b0c79af9ceb4a9d4ed1bb6f24aa6d8(c07845847e682be54a8fc912963df26e.$pass.50001711302155)

Example 2:
hash = a219d00bb4fe336bc48e955bf3863585
salt = 50001711302155
md5 = 7702deed0256ef03e5985276a8ecfffd
pass = ??
**. md5($hash.$pass.$salt)
7702deed0256ef03e5985276a8ecfffd(a219d00bb4fe336bc48e955bf3863585.$pass.50001711302155)

** both example have same password, what the way to recover the password for this examples ,
i just register here and i dont have good experiance with this code .
i need help if some body can help me, thanks in advance .

** the password for this 2 examples its : "z9R6hdtFWagU"

thanks

[Snoopy]

Hello,

step to generate this code :
md5($hash.$pass.$salt)

Example 1:
hash = c07845847e682be54a8fc912963df26e
salt = 50001711302155
md5 = 11b0c79af9ceb4a9d4ed1bb6f24aa6d8
pass = ??
**. md5($hash.$pass.$salt)
11b0c79af9ceb4a9d4ed1bb6f24aa6d8(c07845847e682be54a8fc912963df26e.$pass.50001711302155)

Example 2:
hash = a219d00bb4fe336bc48e955bf3863585
salt = 50001711302155
md5 = 7702deed0256ef03e5985276a8ecfffd
pass = ??
**. md5($hash.$pass.$salt)
7702deed0256ef03e5985276a8ecfffd(a219d00bb4fe336bc48e955bf3863585.$pass.50001711302155)

** both example have same password, what the way to recover the password for this examples ,
i just register here and i dont have good experiance with this code .
i need help if some body can help me, thanks in advance .

** the password for this 2 examples its : "z9R6hdtFWagU"

thanks

do you know how your "hash" is generated? because this way (same pass and same salt) why does the "hash" changes?

for your examples it seems more like md5($random_salt.$pass.$fixed_salt)

[rahhal81]

Hi 
Thanks for reply , yes i know how hash its generate , my main point how can i found the password 
And some time i have different examples but sharing same password there is to compare to example to 
Make sure i git the right password. 
Thanks 

How can i use hashcat software or script to found the password. 
Thanks

[Snoopy]

i need to know how your hash is generated to answer correctly because when password and salt are part of it, there will be no easy way for you to recover any password

but lets assume and take your examples

crackme.txt contains your md5:salt

Code:

11b0c79af9ceb4a9d4ed1bb6f24aa6d8:50001711302155
7702deed0256ef03e5985276a8ecfffd:50001711302155

masks.txt contains the bruteforceinput but this needs the "hash" as prefix

Code:

?l?u?d,c07845847e682be54a8fc912963df26e?1?1?1?1?1?1?1?1?1?1?1?1
?l?u?d,a219d00bb4fe336bc48e955bf3863585?1?1?1?1?1?1?1?1?1?1?1?1

but running this results in a bufferoverflow as 62^12 is more than hashcats max of 2^64 possibilites, so i reduced the keyspace to your input pass

masks.txt

Code:

z9R6hdtFWagU,c07845847e682be54a8fc912963df26e?1?1?1?1?1?1?1?1?1?1?1?1
z9R6hdtFWagU,a219d00bb4fe336bc48e955bf3863585?1?1?1?1?1?1?1?1?1?1?1?1

hashcat --status -O -m10 -a3 crackme.txt masks.txt

this should result (i tested it with a shorter pass) in cracking your 2 examples BUT as you see, you need to know your "hash" beforehand, thus you will need to generate your masks also beforehand and then you need to remove these prefixes from the results found in your potfile

and as mentioned, lower upper and digits will result in a bufferoverflow for passes longer than 10

[rahhal81]

i need to know how your hash is generated to answer correctly because when password and salt are part of it, there will be no easy way for you to recover any password

but lets assume and take your examples

crackme.txt contains your md5alt

Code:

11b0c79af9ceb4a9d4ed1bb6f24aa6d8:50001711302155
7702deed0256ef03e5985276a8ecfffd:50001711302155

masks.txt contains the bruteforceinput but this needs the "hash" as prefix

Code:

?l?u?d,c07845847e682be54a8fc912963df26e?1?1?1?1?1?1?1?1?1?1?1?1
?l?u?d,a219d00bb4fe336bc48e955bf3863585?1?1?1?1?1?1?1?1?1?1?1?1

but running this results in a bufferoverflow as 62^12 is more than hashcats max of 2^64 possibilites, so i reduced the keyspace to your input pass

masks.txt

Code:

z9R6hdtFWagU,c07845847e682be54a8fc912963df26e?1?1?1?1?1?1?1?1?1?1?1?1
z9R6hdtFWagU,a219d00bb4fe336bc48e955bf3863585?1?1?1?1?1?1?1?1?1?1?1?1

hashcat --status -O -m10 -a3 crackme.txt masks.txt

this should result (i tested it with a shorter pass) in cracking your 2 examples BUT as you see, you need to know your "hash" beforehand, thus you will need to generate your masks also beforehand and then you need to remove these prefixes from the results found in your potfile

and as mentioned, lower upper and digits will result in a bufferoverflow for passes longer than 10

Hi , 
The hash i generated its not part off salt or password . u can say as random from salt2 but always i know all information. But the password only missing , 
*. hash for salt2 = always i know
*. Salt = i know 
*. md5 = i know 
*. Password = missing
That what i mean . Need recover password 

Thanks

[Snoopy]

well i wrote how to recover but you need your hash/salt2 and depending on keyspace you are limited to a specific lenght

[nick8606]

How can i use hashcat software or script to found the password.

Your algorithm can be defined as md5($salt1.$pass.$salt2). It is absent in current list of algorithms supported by hashcat.

Possible solutions:
1. Using module md5($pass.$salt) and $salt1 as prefix part of password.
2. Using module md5($salt.$pass) and $salt2 as suffix part of password.
3. Creating and using new module for exact algorithm md5($salt1.$pass.$salt2).