Kuna watu bado wanatumia SHA-1 ku encrypt passwords?

Cybergates

Cybergates

JF-Expert Member
Dec 2, 2016
671
1,389
Leo nilikua napitia baadhi ya website za taasisi zetu hapa nchini

moja ya taasisi kubwa tu ya IT juzi juzi hapa walifanya update ya system yao wakaongeza baadhi ya features na function mbalimbali

Kabla ya hayo maboresho, system yao ilikua moja ya website ngumu kupata loophole

Leo nimetest moja ya feature yao mpya walio add yani ni toooo easy to hack mtoto wa form 3 akipewa terminal ana hack, yani mtu una download database yote, kila kiku hadi taarifa confidential

Moja ya table ilikua ya users hii ndo imenishikitisha ya password zao zipo hashed na sha-1??, ya nii hi SHA-1 tool kama john au Johnny zina crack hizo password dk3 na baadhi ya password zipo kwenye worldlist.txt, Nimekuta root/admin username zinatumia uki decrypt hizo hash unapata password kama pass2020

Inabidi watu wa advance aise lest ukitumia sha1 add tena na md5 inakua afadhali kidogo kuliko kutimia sha 1 pekeyake
 
Cybergates said:
Leo nilikua napitia baadhi ya website za taasisi zetu hapa nchini

moja ya taasisi kubwa tu ya IT juzi juzi hapa walifanya update ya system yao wakaongeza baadhi ya features na function mbalimbali

Kabla ya hayo maboresho, system yao ilikua moja ya website ngumu kupata loophole

Leo nimetest moja ya feature yao mpya walio add yani ni toooo easy to hack mtoto wa form 3 akipewa terminal ana hack, yani mtu una download database yote, kila kiku havi taarifa confidential

Moja ya table ilikua ya users hii ndo imenishikitisha ya password zao zipo hashed na sha-1??, ya nii hi SHA-1 tool kama john au Johnny zina crack hizo password dk3 na baadhi ya password zipo kwenye worldlist.txt, Nimekuta root/admin username zinatumia uki decrypt hizo hash unapata password kama pass2020

Inabidi watu wa advance aise lest ukitumia sha1 add tena na md5 inakua afadhali kidogo kuliko kutimia sha 1 pekeyake
Click to expand...
Mzee baba ni nouma 😎
 
Cybergates said:
Leo nilikua napitia baadhi ya website za taasisi zetu hapa nchini

moja ya taasisi kubwa tu ya IT juzi juzi hapa walifanya update ya system yao wakaongeza baadhi ya features na function mbalimbali

Kabla ya hayo maboresho, system yao ilikua moja ya website ngumu kupata loophole

Leo nimetest moja ya feature yao mpya walio add yani ni toooo easy to hack mtoto wa form 3 akipewa terminal ana hack, yani mtu una download database yote, kila kiku hadi taarifa confidential

Moja ya table ilikua ya users hii ndo imenishikitisha ya password zao zipo hashed na sha-1??, ya nii hi SHA-1 tool kama john au Johnny zina crack hizo password dk3 na baadhi ya password zipo kwenye worldlist.txt, Nimekuta root/admin username zinatumia uki decrypt hizo hash unapata password kama pass2020

Inabidi watu wa advance aise lest ukitumia sha1 add tena na md5 inakua afadhali kidogo kuliko kutimia sha 1 pekeyake
Click to expand...
Uliposema md5 nikaona na wewe ni walewale.
 
Cybergates said:
Leo nilikua napitia baadhi ya website za taasisi zetu hapa nchini

moja ya taasisi kubwa tu ya IT juzi juzi hapa walifanya update ya system yao wakaongeza baadhi ya features na function mbalimbali

Kabla ya hayo maboresho, system yao ilikua moja ya website ngumu kupata loophole

Leo nimetest moja ya feature yao mpya walio add yani ni toooo easy to hack mtoto wa form 3 akipewa terminal ana hack, yani mtu una download database yote, kila kiku hadi taarifa confidential

Moja ya table ilikua ya users hii ndo imenishikitisha ya password zao zipo hashed na sha-1??, ya nii hi SHA-1 tool kama john au Johnny zina crack hizo password dk3 na baadhi ya password zipo kwenye worldlist.txt, Nimekuta root/admin username zinatumia uki decrypt hizo hash unapata password kama pass2020

Inabidi watu wa advance aise lest ukitumia sha1 add tena na md5 inakua afadhali kidogo kuliko kutimia sha 1 pekeyake
Click to expand...
IT wa bongo kakamata mpini Stefano Mtangoo
 
Majuzi nimetoka ku rewrite from the ground up, administrative dashboard ya chuo fulani cha serikali...

Wao hawakujisumbua na hashing, passwords zote walizi store kama plain text, na admin alikua na uwezo wa ku edit passwords za users wote.

Chuo cha serikali.
 
Kuchwizzy said:
Majuzi nimetoka ku rewrite from the ground up, administrative dashboard ya chuo fulani cha serikali...

Wao hawakujisumbua na hashing, passwords zote walizi store kama plain text, na admin alikua na uwezo wa ku edit passwords za users wote.

Chuo cha serikali.
Click to expand...
seriously???
 
Freyzem said:
Hebu weka link ya hiyo site hapa tuwabalaguze…
Click to expand...
Ha haha, tuwasamehe tu mkuu. ku ujumla hii loophole nimeikuta kwenye QR code
love life live life said:
Uliposema md5 nikaona na wewe ni walewale.
Click to expand...
Nilikua namaanisha hivi sha1(md5($pass))
mathsjery said:
IT wa bongo kakamata mpini Stefano Mtangoo
Click to expand...
Mbona bongo kuta IT wazuri sana
Stefano Mtangoo said:
IT wa Bongo hawana uwezo wa kupenya. Kama kapenya mpaka kwenye database hafai kuwa IT wa Bongo. IT wa bongo ni zero kabisa!
Click to expand...
Sema mkuu saivi tunaangalia possibility ya kupenya hadi kwenye servers
Stefano Mtangoo said:

PHP: password_hash - Manual

www.php.net www.php.net
Click to expand...
Nimesoma hizo hashing zipo vizuri personal hashing zangu output zake zipo hivi
Ruby: 
dZSPIEGoYv4D2BPc3CbRiA$8$1$cA2yxRHOj7rDPV81tnmrVjRO1BQf2af4X8tg3YGOEyJQSMIZPgiOosVQHapvNrm0/UvtUxfugtlxaxWJYDaP6A==
msNpsGVZveMR2Ku75k4oDc$8$1$/8SBRH7b/XrQItDDnXwdQA/ICiyvG1JLRKHFMQ05H8H6Lmh/SbzgDl0jK9ZDt3ss2dVEB5DXEmZsGR28s0FLJw==
HexZH5I8pOuMFvkkxIBWtH$8$1$3gm+ghrlVWpARqFuy6PZX1oV1vBC70+NEQkWf67DTmxq0cQRUFd73tpeJZIA4wWh/Tfl2h+5d3zilzAoYLe53A==


Kuchwizzy said:
Majuzi nimetoka ku rewrite from the ground up, administrative dashboard ya chuo fulani cha serikali...

Wao hawakujisumbua na hashing, passwords zote walizi store kama plain text, na admin alikua na uwezo wa ku edit passwords za users wote.

Chuo cha serikali.
Click to expand...
website za chuo ndo haman kitu kabisa
 
You must log in or register to reply here.

Similar Discussions

Back
Top Bottom
Forums
New posts
Post thread
Back