[ASK] Any Way To Crack Amember Salted Password?

I doubt this can be done but you never know. I need to be able to crack an amember admin password that is salted

Anyone know if this can be bruted?

 

If you know the salt, then you could compare it to a rainbow table. Without knowing the salt, you're likely screwed.

This is written based on the assumption that you locked yourself out of your own site that you are the admin to.

 

Always possible... but not for us regular guys (well really depends... password length, luck etc.)

"There are always ways around a closed door.... often you will just end up infront on another one."

 

threads related with hacking isn't allowed here .

 

This isn't hacking. It's my own table and I do know the salt obviously.
This is purely for educational purposes because Amember says the admin
accounts are not retrievable but coming from a cracking background I know
everything is reversible.

 

fine what's the hash type ? or you don't know

btw this will help you http://www.insidepro.com/

 

hammers aren't reversible but useless information aside good luck and dont get yourself shipped to gitmo

 

Try JTR (John the Ripper) if it is still about.

 

Thanks. I know of JTR. Used it ages ago. I will check and see what happens.

 

Rainbow tables are not the way to go with anything using unique salts. If the entire system had a static salt then you could try and justify it. For just one object though, you're wasting more time doing R/W to the disk than just doing it on the cpu/gpu/memory.

As for if its possible, yes. There is however a difference. If its using MD5, SHA1, SHA* or other one-way algorithms then you can only attempt collisions. Actually decrypting it isn't possible. To brute force, you just need to make a program that uses the same algorithm as in the program, and provide the salt+hash. To get faster speeds you will need to optimize the algorithm itself to possibly bypass or cache certain parts.
Something as simple as md5($pass.$salt) or sha1($pass.salt) can easily be bruteforced at over 1b/sec. Md5 is around 50 billion for GPGPU, SHA1 is around 10 billion.


In short: You can bruteforce it, yes.