I doubt this can be done but you never know. I need to be able to crack an amember admin password that is salted Anyone know if this can be bruted?
If you know the salt, then you could compare it to a rainbow table. Without knowing the salt, you're likely screwed. This is written based on the assumption that you locked yourself out of your own site that you are the admin to.
Always possible... but not for us regular guys (well really depends... password length, luck etc.) "There are always ways around a closed door.... often you will just end up infront on another one."
This isn't hacking. It's my own table and I do know the salt obviously. This is purely for educational purposes because Amember says the admin accounts are not retrievable but coming from a cracking background I know everything is reversible.
hammers aren't reversible but useless information aside good luck and dont get yourself shipped to gitmo
If you know of the salt and the encryption algo, you can write a program to brute force it or you could even create the appropriate rainbow tables in case you want to do this for many hashes.
Rainbow tables are not the way to go with anything using unique salts. If the entire system had a static salt then you could try and justify it. For just one object though, you're wasting more time doing R/W to the disk than just doing it on the cpu/gpu/memory. As for if its possible, yes. There is however a difference. If its using MD5, SHA1, SHA* or other one-way algorithms then you can only attempt collisions. Actually decrypting it isn't possible. To brute force, you just need to make a program that uses the same algorithm as in the program, and provide the salt+hash. To get faster speeds you will need to optimize the algorithm itself to possibly bypass or cache certain parts. Something as simple as md5($pass.$salt) or sha1($pass.salt) can easily be bruteforced at over 1b/sec. Md5 is around 50 billion for GPGPU, SHA1 is around 10 billion. In short: You can bruteforce it, yes.
I assumed it was a static salt. You are totally correct that it would not make any sense to use RT for a dynamic salt.
