Viewing a single comment thread. View all comments

sudo wrote

Interesting, all of the hashes start with "$P$B". Is that supposed to be a salt? They know they're supposed to concatenate the salt and the password before putting it through the hash function, right...

Does anyone recognize what hash function they used?


ymir OP wrote

So it is definitely wordpress and I think the salt is in the second link in the wordpress config file.


ymir OP wrote (edited )

Here is from the wp-config.php:

define('SECURE_AUTH_KEY',  '5v[9(}B-UfT^szR5}ri?Bhj([2Apa#5kRal`iEh^Hv~u2mH5 0zjLe({Dd>RE_A8');
define('LOGGED_IN_KEY',    ';&BBDP8]9f,cJd?L+&/xAQ#lY;?B8S]Luju|&&~=e,-o7@tK_CU^~^.B2ssnVL*n');
define('NONCE_KEY',        '`|9Ofp9&N|aa9cE]D`6CId6Iqo+e+m%L Uxm#-VDV#*+pW<6!KU<Nx&n5Jq$%=FO');
define('AUTH_SALT',        'f0Uu0[cKX9]19g?#s<%)}>T?+(K:E/^}W$mHYWjaew>lSL_rnN@r=ALX::;U-t+C');
define('SECURE_AUTH_SALT', '7}P>3E6k%I&crsNb/8bpQI3y8=p:;G>.T24j4&EQaeMN!>,m+DoZ4xy75GFPs~ F');
define('LOGGED_IN_SALT',   'TJG`#D<!kj+(pU*%F}pp-wYO:2kli*Q9o9n5qBL6gI@~+MIMnuHBK7/6W$=f#gzq');
define('NONCE_SALT',       '2|Mp[AT{H$m_^WXD/AR$_WHf;%T@4PsT~>P)*QWX3bXu<gWbp,fxb+^WcD@Sg.a]'); ```

dele_ted wrote

What happened to all of this? Did you manage to crack the hashes? Shouldn't be too difficult, the configuration looks like a mess, and you have all the information from wp-config.