Hash?  Go to the Railsbin challenge

Hash?
It looks like I've found the salted hash in Blowfish format but it seems to be too short. Plus I've found 2 different versions of it.
Should I get it rather from DB by using SQL injection instead?
Last edited by bfumaster - Apr 27, 2018 - 17:40:06
RE: Hash?
How to find it is the whole challenge.

As for the two versions, obviously someone else added a user with the same name, but I'm sure you can figure out which is the right one.
RE: Hash?
I was not talking about two different users but 2 hash versions of the same user. Whatever.
Last edited by bfumaster - Apr 30, 2018 - 08:44:28
RE: Hash?
Quote from bfumaster
Apr 30, 2018 - 08:42:20

Whatever.

That's the spirit...

I've had another look and it is indeed true that in some places different hashes are shown for the same user. This is due to some Rails magic in combination with bad coding.

As far as I can tell, if you find a way to get the full hash, you'll get the right one. So no need to worry about it at this stage.
RE: Hash?
Quote from dloser
Apr 30, 2018 - 15:07:12

Quote from bfumaster
Apr 30, 2018 - 08:42:20

Whatever.

That's the spirit...

I've had another look and it is indeed true that in some places different hashes are shown for the same user. This is due to some Rails magic in combination with bad coding.

As far as I can tell, if you find a way to get the full hash, you'll get the right one. So no need to worry about it at this stage.


Haha... "Rails magic and bad coding" does not involve @gizmore, right?
I only wrote like 5 lines for that railsbin app... Euh

Happy Hacking!
The geeks shall inherit the properties and methods of object earth.
Last edited by gizmore - May 01, 2018 - 00:57:49