-2

I am testing a site and have come across this password ...

aW/hY4XQjFpq1ZGzoO5cZ.

I have noticed a "." at the end and not sure which encryption method would create this. Any ideas would be useful.

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • 1
    Do you suspect that this is a hashed password? Do you have more samples? – Arminius Jan 15 '17 at 19:55
  • 2
    I see several Google searches trying to reverse this hash, but why do you think this is a hash? I think it's a password. [1](https://forum.hashkiller.co.uk/topic-view.aspx?t=10616&m=83864) [2](http://www.turkhackteam.org/tht-yardim-merkezi/1307009-aw-hy4xqjfpq1zgzoo5cz-bunu-nasil-kirabilirim.html) [3](http://www.v4-team.com/cc/showthread.php?p=1664207) – Jedi Jan 15 '17 at 19:55
  • 1
    Where did you find this? In /etc/shadow? Context will be very useful. – schroeder Jan 15 '17 at 19:59

1 Answers1

0

As has been said, multiple people trying to reverse this online. If you're not "cacaocaca1" and "Vicci", there's a big chance this password is simple, and easy to guess in a dictionary attack.

That looks like the right size and charset for a crypt MD5, except its missing the salt and prefix. Normally the output from crypt MD5 would look something like this.

$1$rasmusle$jrCf9Xc61lNMIQse/NJ1q.

With your hash I'd expect to also see the type and salt before the hash itself. In my example it would be "1" and "rasmusle". Maybe they have the salt hardcoded elsewhere and are stripping it out of the final hash you're fetching. Or they're just using something that uses the same encoding scheme as crypt MD5 with a final hash thats the same bit size.

J.A.K.
  • 4,793
  • 13
  • 30