Technicolor unknown hashes


eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 134
Team:
Reputation: 27 Reputation
Offline
Wed, 11 Jan 2017 @ 07:24:38

Hi, I have a Technicolor router. In the mlpuser.ini I found hashes like that:

Code:
[ mlpuser.ini ] 
add name=Administrator  password=_CYP2_d78ddcd540c76991b548ebc39561cfaac32478b903ff10e0  role=Administrator hash2=b6dc35f8f2099445d5aff1f0db7cf265  defuser=enabled 
add name=tech  password=_CYP2_c230e53984b2aadedf0d7da6b0fb4e36c4c0224103b6b15e  role=TechnicalSupport hash2=16a921c357a09b4a38d01c6e7a0bdd1d  defremadmin=enabled


If I understand correctly hash2 is

MD5("username:Technicolor Gateway:" + pwd)

How can I get pwd knowing username and realm? Thank you



SyDYF3F7IR6y

Status: n/a
Joined: Mon, 17 Oct 2016
Posts: 236
Team: Beer
Reputation: 535 Reputation
Online
Wed, 11 Jan 2017 @ 12:54:53

Code:
b6dc35f8f2099445d5aff1f0db7cf265:$HEX[41646d696e6973747261746f723a54686f6d736f6e20476174657761793a]

which is
Code:
Administrator:Thomson Gateway:

So I guess the password is blank for Administrator



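An added example (not code from any poster in this thread): a small audit of an mlpuser.ini export that flags accounts whose hash2 equals MD5("name:realm:"), that is, an empty password, as found for Administrator above. The realm list, the constructed `guest` line and all function names are assumptions made for this example.

```python
import hashlib
import re

# Realm strings that appear in this thread: the one assumed in the question
# and the one seen in the recovered plaintexts.
REALMS = ("Technicolor Gateway", "Thomson Gateway")


def ha1(user, realm, password):
    """MD5 of "user:realm:password" as hex (same shape as HTTP Digest HA1, RFC 2617)."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()


# First line is copied from the mlpuser.ini excerpt in the thread. The second
# line is constructed for this example (user "guest", password "not-blank").
SAMPLE_INI = (
    "add name=Administrator  password=_CYP2_d78ddcd540c76991b548ebc39561cfaac32478b903ff10e0"
    "  role=Administrator hash2=b6dc35f8f2099445d5aff1f0db7cf265  defuser=enabled\n"
    "add name=guest  password=_CYP2_constructed  role=User hash2="
    + ha1("guest", "Thomson Gateway", "not-blank") + "\n"
)


def parse_users(text):
    """Yield (name, hash2) for each 'add name=... hash2=...' line."""
    for line in text.splitlines():
        fields = dict(re.findall(r"(\w+)=(\S+)", line))
        if "name" in fields and "hash2" in fields:
            yield fields["name"], fields["hash2"].lower()


def blank_password_accounts(text, realms=REALMS):
    """Return [(name, realm)] for accounts whose hash2 matches an empty password."""
    findings = []
    for name, hash2 in parse_users(text):
        for realm in realms:
            if hash2 == ha1(name, realm, ""):
                findings.append((name, realm))
    return findings


if __name__ == "__main__":
    for name, realm in blank_password_accounts(SAMPLE_INI):
        print(f"{name}: blank password (realm {realm!r})")
```

An account flagged here should be given a password or disabled before the gateway's management interface is reachable from anywhere untrusted.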
SyDYF3F7IR6y
Wed, 11 Jan 2017 @ 14:27:58

Code:
16a921c357a09b4a38d01c6e7a0bdd1d:$HEX[746563683a54686f6d736f6e20476174657761793a33333436313033323033]

Code:
tech:Thomson Gateway:3346103203



eftecno
Thu, 12 Jan 2017 @ 09:17:39

Nice, thank you. Can you explain to me how you do it?


SyDYF3F7IR6y
Thu, 12 Jan 2017 @ 10:36:22

something like this

Code:
-m0 16a921c357a09b4a38d01c6e7a0bdd1d "tech:Thomson Gateway:"?l?l?l?l?l?l?l?l?l?l



eftecno
Sat, 14 Jan 2017 @ 12:00:52

Very nice. And for a VoIP password like that:

Code:
password=_DEV3_0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
?


eftecno
Wed, 18 Jan 2017 @ 08:48:58

Any hint?


blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 2716
Team: HashKiller
Reputation: 3681 Reputation
Online
Wed, 18 Jan 2017 @ 09:00:24

You need to look at this again, carefully:

Code:
password=_DEV3_0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF

You'll notice the hash after the _DEV3_ is just [0-9A-F] 5 times in order. Clearly it's nothing or a default value.



eftecno
Wed, 18 Jan 2017 @ 10:45:48

blandyuk said:

You need to look at this again, carefully:

Code:
password=_DEV3_0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF

You'll notice the hash after the _DEV3_ is just [0-9A-F] 5 times in order. Clearly it's nothing or a default value.

I know! It's just an example, I'd like to know how to find the password (SHA-384 or AES192)


SyDYF3F7IR6y
Wed, 18 Jan 2017 @ 11:46:39

Seems like you can change servername in the ini and point it at your own server and sniff the password in cleartext.
There are guides out there.



eftecno
Wed, 18 Jan 2017 @ 14:27:33

I tried but it doesn't work


eftecno
5 days ago

SyDYF3F7IR6y said:

something like this

Code:
-m0 16a921c357a09b4a38d01c6e7a0bdd1d "tech:Thomson Gateway:"?l?l?l?l?l?l?l?l?l?l

My GPU died, can I use mdxfind instead? And if it is possible, how? Thank you

