Earlier I told you how to crack MD5 passwords in general. This article tells how to get the passwords out of a TYPO3 installation, which are MD5-hashed, and crack them using John the Ripper.
Preparations step 1: lurk the data!
Okay, assume that you're a TYPO3 administrator who wants to check the password strength of your backend users (good guy). Or you have gained access to the database of a TYPO3 installation and want to access the content management system (bad guy). No, you wouldn't do that…
Well, in both cases you may want to execute the following SQL query to assemble the account names and their respective passwords.
SELECT `username` , `password`
FROM `be_users`
INTO OUTFILE '/tmp/typo3passwords.txt'
FIELDS TERMINATED BY ':'
LINES TERMINATED BY '\n'
Now you have a well-formatted file containing all username/password combos of the specific TYPO3 setup.
Preparations step 2: fetch your tools!
Go and get John the Ripper (JtR) first. As required by the German law I can not tell how or where to get it. I guess you query your favourite search engine and will find it instantly. John the Ripper does come with a few cipher formats compiled in, but for MD5 you need more formats. These come in patches provided by third parties.
For Linux you have to compile JtR yourself, including the so-called “big patch”.
<fetch john-1.7.2.tar.gz from a source near you>
tar xvf john-1.7.2.tar.gz
cd john-1.7.2/
wget http://www.openwall.com/john/contrib/john-1.7.2-all-12.diff.gz
gunzip john-1.7.2-all-12.diff.gz
patch -p1 < john-1.7.2-all-12.diff
cd src/
make clean linux-x86-any
<notice: if you get errors about a missing des.h, you should install the libssl-dev (Debian) package and re-run the make statement>
Sorry to say I have no idea how to get John the Ripper & the big patch running on Windows. You better use Cain & Abel for that, I guess.
So, if the compilation went through, you can test whether everything went well:
~/jtr/john-1.7.2/src$ ../run/john
The output should contain the following list of cipher formats:
--format=NAME force ciphertext format NAME: DES/BSDI/MD5/BF/AFS/LM/NT/PO/raw-MD5/IPB2/raw-sha1/macosx-sha1/md5a/hmac-md5/KRB5/bfegg/nsldap/ssha/oracle/MYSQL/mysql-sha1/mscash/lotus5/DOMINOSEC/NETLM/NETNTLM/NETLMv2/NETHALFLM/mssql/mssql05/epi/phps/mysql-fast
raw-MD5 is the format of choice, and it is available right now – so let’s rock!
Go go gadget: starting to crack
The actual cracking process is quite simple: run John the Ripper using the format parameter stating that you want to use raw-MD5 and input the file you have created using the SQL statement above:
~/jtr/john-1.7.2/src$ ../run/john --format=raw-MD5 /tmp/typo3passwords.txt
Loaded 2 password hashes with no different salts (Raw MD5 [raw-md5])
The application then runs for a varying amount of time – depending on your CPU power, your wordfiles and the weakness of the chosen passwords. In my example there are very weak passwords, as they are cracked nearly instantly. Let me show you using the --show parameter of JtR:
~/jtr/john-1.7.2/src$ ../run/john --format=raw-MD5 --show /tmp/typo3passwords.txt
jane.simpson:jane
admin:way2go
2 password hashes cracked, 0 left
That’s it! I can now approach the users and tell them how stupid their passwords are. You should do the same and check the passwords – especially your own.
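For the administrator's case, the exported file can also be audited without handing anyone a recovered password. The Python sketch below is an added example, not part of the original article: it reads the username:hash layout written by the SQL export, lists accounts still stored as raw unsalted MD5, groups accounts that share a hash, and flags hashes that match a policy deny-list or the account's own name. The deny-list entries and the accounts "editor" and "legacy" are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

RAW_MD5 = re.compile(r"[0-9a-fA-F]{32}")  # 32 hex chars = unsalted MD5 digest


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


# Constructed sample in the username:hash layout written by the SQL export.
# jane.simpson and admin mirror the article's --show output; "editor" and
# "legacy" are made-up accounts, and the last value is a placeholder.
SAMPLE_EXPORT = "\n".join([
    "jane.simpson:" + md5_hex("jane"),
    "admin:" + md5_hex("way2go"),
    "editor:" + md5_hex("way2go"),
    "legacy:$constructed$not-a-raw-md5-value",
])

DENY_LIST = ["password", "123456", "admin", "typo3"]  # assumed policy list


def audit(export_text, deny_list):
    """Return usernames per finding; recovered passwords are never returned."""
    findings = {"unsalted_md5": [], "shared_hash": [], "weak": []}
    by_hash = defaultdict(list)
    for line in export_text.splitlines():
        user, sep, digest = line.strip().partition(":")
        if not sep or not user or not RAW_MD5.fullmatch(digest):
            continue  # malformed line or not a raw MD5 value
        digest = digest.lower()
        findings["unsalted_md5"].append(user)
        by_hash[digest].append(user)
        # Policy candidates: deny-list entries plus the username and its parts.
        name = user.lower()
        candidates = set(deny_list) | {name} | set(re.split(r"[._-]", name))
        if any(c and md5_hex(c) == digest for c in candidates):
            findings["weak"].append(user)
    # No salt means equal passwords give equal hashes, visible without cracking.
    findings["shared_hash"] = [u for u in by_hash.values() if len(u) > 1]
    return findings


if __name__ == "__main__":
    for finding, users in audit(SAMPLE_EXPORT, DENY_LIST).items():
        print(finding, users)
```

Every account listed under unsalted_md5 is a candidate for a forced password reset once the installation moves to a salted hashing scheme.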


10 Comments
Interesting – especially thinking about active install tools, which write out an MD5 hash on the screen.
Hi there, I’ve been trying to get the password from this decrypted code and I have been unsuccessful. Can someone please help me solve it asap
Thanks
Vicky
60d25c299ab141c1969cc9075aa45b09
need help decrypting this code
b2139849a820f0b26fca9c279dad5ee7
need help decrypting this code
8860bea93ca6d1bf860e4aaece23bcae
PLEASE HELP
REGARDS
ASTLER
I forgot my password but found the hash.
Please help me!
I need this password. Can someone please decrypt this for me?
273e79046c0d7883948b0f06f9b040eb
I forget my password. Here is the hash.
ec6fcafeb6fcb9da1a3483dd64ddb7fa
Did it ever occur to y’all that you are posting crack requests as comments on an article which gives quite good and detailed step-by-step instructions for cracking the hashes you posted?
LOL proto, good point! I am thinking about deleting these request-comments anyway, but on the other side I am way too polite to do that. People took time to write a comment so I’d leave it there, shouldn’t I?
Hi
I’ve currently had my fb hacked by a friend but managed to get the md5 hash code, but really can’t seem to decode it, any chance you could help??
20cc17e51394f25ff235ce6d86441a44
Many thanks in advance
Hey, Stotti!
I have Windows XP, and I installed JtR, but it won’t run properly.
I know it must be irritating to get requests to decrypt MD5 hash on a post about decrypting, but could you possibly run this through your system for me?
a33a9086d12ee7d7ef9d9597c8850030
I’ve tried running it through dozens of cracked hash-code databases, but none of them have it decoded.
I’m not expecting you to do anything, but thanks a million-and-one if you do.
-Z.