[HELP]Password script

Page 2 of 2 1 2
09/07/2009 05:50 Necron33#16
Quote:
Originally Posted by funhacker View Post
Seriously dude the only way you are going to reverse the hash into an actual word/sentence etc. is if you had a program repeatedly come up with random letters numbers and symbols until it found an md5 that matched. But ultimately this is still not decrypting and it is VERY ineffective specially running for a password recovery.

But now thinking about it is this because you are starting another server or are you trying to use existing md5hash passwords and logins that you may of obtained from another game/server?
Not either of, It's a simple research i am doing. Top Secret.
and seriously, Decrypting MD5 Hashes can be done using Low level languages as C++, PHP will NOT do it, unless it's encrypted in an other way.
Account server encrypts and decrypts MD5 hashes 24/7 to check for authentication in accounts.
09/07/2009 08:06 funhacker#17
Quote:
Originally Posted by The Crasher View Post
funhacker , you say you cant decrypt md5
let me proof you that it is posseble on a simple way

if you go to your db , the password is entered in md5
now , go to a forum and get the same password , it got other numbers but it is still the same password but it is created with other value's

so the password md5 of your forum will never work into eudemons , the value is wrong (still same password )

now a other funny thing
a password get decrypted to check if it is the same password with the same value
every code can be decrypted , it use the same way as encrypting but then to the other direction

the only thing you need is the value that it use to encrypt and then you can decrypt

basicly , if you use the forum password to decrypt with the wrong value's then you get a differend password
if you use it with the right value then you get exact the same

hardest part , try to get the value :D

for the rest , everything that you can encrypt can be decrypted , no mather what code it is
there are no safe ways of unencrypted data
els they would use only md5 as the safest way and not other encrypting methodes
and in case of intrests just follow this link
MD5 - Wikipedia, the free encyclopedia
Encryption - Wikipedia, the free encyclopedia

Thank you
Greets From The Crasher
Seriously dude google the meaning of HASH and Encrypted notice the difference?
Encryption is 2 way process there IS a value that is used to encrypt/decrypt the final value.
A hash uses an alogrythm to hash the value to a set length. So you can NOT reverse the hash. Sadly with md5 there is even a possibility (very little) that there are multiple values that will return the same hash value.
So you can md5 an entire novel and it will still only return a 32byte string. So explain to me how it would even be possible to store over 100,000 words into a 32byte string? If this was possible don't you think that programs like winword would be able to compress all their files to just 32bytes no matter how long.
No point arguing facts it just is that you can't "decrypt" hash because you can't decrypt something that is NOT encrypted.
09/07/2009 12:16 King_Arthur#18
Quote:
Originally Posted by The Crasher View Post
now a other funny thing
a password get decrypted to check if it is the same password with the same value
every code can be decrypted , it use the same way as encrypting but then to the other direction
Quote:
Originally Posted by Necron33 View Post
Account server encrypts and decrypts MD5 hashes 24/7 to check for authentication in accounts.
Two birds one stone. Account server never "decrypts" the hashes. The password that you enter into the client is hashed and then compared with the password in the database. You guys have the right idea, but are applying it to the completely wrong situation.

Quote:
Originally Posted by The Crasher View Post
if you go to your db , the password is entered in md5
now , go to a forum and get the same password , it got other numbers but it is still the same password but it is created with other value's

so the password md5 of your forum will never work into eudemons , the value is wrong (still same password )
That's is because your forum doesn't use the same salt value and process as the one that hashes the passwords for EO. It could even be using a plain MD5 script that is vulnerable to rainbow tables.
09/08/2009 19:39 commandcom#19
loled abit by reading this :D let me give you some videos to watch
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
they do explain it very nicely
09/08/2009 19:40 commandcom#20
loled abit by reading this :D let me give you some videos to watch
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
they do explain it very nicely
09/08/2009 21:48 forcer#21
doing md5 collisions is not decrypting. you are obviously missing the point of hashing algorithms. they were designed to not be reversible, and if there is way to create string that matches md5 hash, it's vulnerability of the algorithm. not to mention chance of getting the original password is 1:1 000 000 000 as collision algorithms only try to get the same hash from generated string (for example word "skin" would have md5 5aff4d8200123c34f4 and phrase "FSIOYfghdysfgusykg$%^%$@^jkrdhgasfgkjgdasker34$%@ #$^$%7" might have SAME md5).


Necron, you're having obsession over c++ or what? it's not ultimate answer to everything, it's just computer language and you can use it for various purposes, just like any other language(fortran, pascal, c, java, python, perl, php). And breaking md5 is just about maths - you can do maths in javascript or visual basic.. so you can implement md5 collision POC in branfuck if you want.

So conclusion is: reversing/rainbow table cracking md5 is inefficient way to get back the password. It's always better send new randomly generated password by mail to recover access to the user.
09/09/2009 01:20 Necron33#22
Quote:
Originally Posted by forcer View Post
doing md5 collisions is not decrypting. you are obviously missing the point of hashing algorithms. they were designed to not be reversible, and if there is way to create string that matches md5 hash, it's vulnerability of the algorithm. not to mention chance of getting the original password is 1:1 000 000 000 as collision algorithms only try to get the same hash from generated string (for example word "skin" would have md5 5aff4d8200123c34f4 and phrase "FSIOYfghdysfgusykg$%^%$@^jkrdhgasfgkjgdasker34$%@ #$^$%7" might have SAME md5).


Necron, you're having obsession over c++ or what? it's not ultimate answer to everything, it's just computer language and you can use it for various purposes, just like any other language(fortran, pascal, c, java, python, perl, php). And breaking md5 is just about maths - you can do maths in javascript or visual basic.. so you can implement md5 collision POC in branfuck if you want.

So conclusion is: reversing/rainbow table cracking md5 is inefficient way to get back the password. It's always better send new randomly generated password by mail to recover access to the user.
I meant it exactly, Low level languges, you can NOT decrypt hashes in lua or PHP for example, I understood the account server method with MD5 hashes now, all what i do is to send an eMail asking for Yes/No on it.

It is a normal computer languages after all , as all languages :).

Thank you.
09/09/2009 08:01 forcer#23
Quote:
Originally Posted by Necron33 View Post
I meant it exactly, Low level languges, you can NOT decrypt hashes in lua or PHP
That's not true. I can implement md5 collision system in perl/php/lua without any problem, it's not about the language!! The reason why they implement password/hash crackers in c/c++ is performance. That is the only advantage over all scripting languages. learn more on the topic when arguing!
09/09/2009 10:40 funhacker#24
Quote:
Originally Posted by commandcom View Post
loled abit by reading this :D let me give you some videos to watch
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
they do explain it very nicely
Well done you just further proved there is no way of DECRYPTING md5. Unless you were siding with us who were saying this then i apologise for the sarcasm.

And I would just say to Soul i suggest requesting ALL your players changing their passwords because personaly if Necron says he aint opening another server of any kind then he can only have 1 other use for this which is using existing accounts and md5 hash to login to on a game and well it's pretty good timing right?
09/09/2009 21:21 Necron33#25
Quote:
Originally Posted by funhacker View Post
Well done you just further proved there is no way of DECRYPTING md5. Unless you were siding with us who were saying this then i apologise for the sarcasm.

And I would just say to Soul i suggest requesting ALL your players changing their passwords because personaly if Necron says he aint opening another server of any kind then he can only have 1 other use for this which is using existing accounts and md5 hash to login to on a game and well it's pretty good timing right?
Means I am a hacker?
please explain.
i do this for my next Pserver all things guide.
Page 2 of 2 1 2