Hash? Go to the Railsbin challenge
Global Rank: 2202
Totalscore: 11247
Posts: 2
Thanks: 1
UpVotes: 1
Registered: 8y 314d
Last Seen: 1y 310d
The User is Offline
Hash?
Apr 27, 2018 - 17:39:15 (6y 148d)
Apr 27, 2018 - 17:39:15 (6y 148d)
It looks like I've found the salted hash in Blowfish format but it seems to be too short. Plus I've found 2 different versions of it.
Should I get it rather from DB by using SQL injection instead?
Should I get it rather from DB by using SQL injection instead?
Last edited by bfumaster - Apr 27, 2018 - 17:40:06
Global Rank: 1
Totalscore: 759433
Posts: 437
Thanks: 495
UpVotes: 468
Registered: 15y 57d
The User is Offline
RE: Hash?
Apr 27, 2018 - 17:52:47 (6y 148d)
Apr 27, 2018 - 17:52:47 (6y 148d)
How to find it is the whole challenge.
As for the two versions, obviously someone else added a user with the same name, but I'm sure you can figure out which is the right one.
As for the two versions, obviously someone else added a user with the same name, but I'm sure you can figure out which is the right one.
Global Rank: 2202
Totalscore: 11247
Posts: 2
Thanks: 1
UpVotes: 1
Registered: 8y 314d
Last Seen: 1y 310d
The User is Offline
RE: Hash?
Apr 30, 2018 - 08:42:20 (6y 145d)
Apr 30, 2018 - 08:42:20 (6y 145d)
I was not talking about two different users but 2 hash versions of the same user. Whatever.
Last edited by bfumaster - Apr 30, 2018 - 08:44:28
Global Rank: 1
Totalscore: 759433
Posts: 437
Thanks: 495
UpVotes: 468
Registered: 15y 57d
The User is Offline
RE: Hash?
Apr 30, 2018 - 15:07:12 (6y 145d)
Apr 30, 2018 - 15:07:12 (6y 145d)
Quote from bfumasterApr 30, 2018 - 08:42:20
Whatever.
That's the spirit...
I've had another look an it is indeed true that in some places different hashes are shown for the same user. This is due to some Rails magic in combination with bad coding.
As far as I can tell, if you find a way to get the full hash, you'll get the right one. So no need to worry about it at this stage.
Global Rank: 247
Totalscore: 87961
Posts: 1661
Thanks: 1349
UpVotes: 906
Registered: 16y 219d
Last Seen: 1d 15h
The User is Offline
RE: Hash?
May 01, 2018 - 00:56:23 (6y 145d)
May 01, 2018 - 00:56:23 (6y 145d)
Quote from dloserApr 30, 2018 - 15:07:12
Quote from bfumasterApr 30, 2018 - 08:42:20
Whatever.
That's the spirit...
I've had another look an it is indeed true that in some places different hashes are shown for the same user. This is due to some Rails magic in combination with bad coding.
As far as I can tell, if you find a way to get the full hash, you'll get the right one. So no need to worry about it at this stage.
Haha... "Rails magic and bad coding" does not involve @gizmore, right?
i only wrote like 5 lines for that railsbin app...
Happy Hacking!
The geeks shall inherit the properties and methods of object earth.
Last edited by gizmore - May 01, 2018 - 00:57:49
zM_, tunelko, silenttrack, n0tHappy, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri, kalungmas have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 9028 times.
1 people are watching the thread at the moment.
This thread has been viewed 9028 times.