Archive | February, 2014

Hash Identifier – Identify Types Of Hashes Used To Encrypt Passwords


Hash Identifier or HashID is a Python-based tool that allows you to quickly identify types of hashes used to encrypt passwords. It supports over 220 unique hash types using regular expressions.

Somewhat similar to HashTag – Password Hash Type Identification (Identify Hashes) – which we posted about a while back.

Hash Identifier - Identify Types Of Hashes Used To Encrypt Passwords


It is able to identify a single hash, parse a file or read multiple files in a directory and identify the hashes within them. hashID is also capable of including the corresponding hashcat mode and/or JohnTheRipper format in its output.

Hash Identifier – Identify Types of Hashes

It supports a whole bunch of hashes such as (but not limited to):

  • ADLER-32
  • CRC-32
  • CRC-32B
  • CRC-16
  • CRC-16-CCITT
  • DES(Unix)
  • FCS-16
  • GHash-32-3
  • GHash-32-5
  • GOST R 34.11-94
  • Haval-160
  • Haval-192 110080 ,Haval-224 114080 ,Haval-256
  • Lineage II C4
  • Domain Cached Credentials
  • XOR-32
  • MD5(Half)
  • MD5(Middle)
  • MySQL
  • MD5(phpBB3)
  • MD5(Unix)
  • MD5(WordPress)
  • MD5(APR)
  • Haval-128
  • MD2
  • MD4
  • MD5
  • MD5(HMAC(WordPress))
  • NTLM
  • RAdmin v2.x
  • RipeMD-128
  • SNEFRU-128
  • Tiger-128
  • MySQL5 – SHA-1(SHA-1($pass))
  • MySQL 160bit – SHA-1(SHA-1($pass))
  • RipeMD-160
  • SHA-1
  • SHA-1(MaNGOS)
  • Tiger-160
  • Tiger-192
  • md5($pass.$salt) – Joomla
  • SHA-1(Django)
  • SHA-224
  • RipeMD-256
  • SNEFRU-256
  • md5($pass.$salt) – Joomla
  • SAM – (LM_hash:NT_hash)
  • SHA-256(Django)
  • RipeMD-320
  • SHA-384
  • SHA-256
  • SHA-384(Django)
  • SHA-512
  • Whirlpool

Hash Identifier aka HashID Usage

You can download Hash ID v1.1 here:

hashID-v3.1.4.zip

Or read more here.

Posted in: Cryptography, Password Cracking

Topic: Cryptography, Password Cracking


Latest Posts:


Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
Cameradar - Hack RTSP Video Surveillance CCTV Cameras Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.
dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).


A Story Of Social Engineering – How @N Lost His $50,000 Twitter Handle


So last week I read an interesting tale about social engineering on Medium, a story by a chap named Naoki Hiroshima and his Twitter handle, which was @N.

Yes just one letter, a pretty rare and it seems valuable handle as he had offers of up to $50,000 for it. In the end though, someone decided they would just take it. Although there had been many attempts on the account before, this one was successful.

I had a rare Twitter username, @N. Yep, just one letter. I’ve been offered as much as $50,000 for it. People have tried to steal it. Password reset instructions are a regular sight in my email inbox. As of today, I no longer control @N. I was extorted into giving it up.

While eating lunch on January 20, 2014, I received a text message from PayPal for one-time validation code. Somebody was trying to steal my PayPal account. I ignored it and continued eating.

Later in the day, I checked my email which uses my personal domain name (registered with GoDaddy) through Google Apps. I found the last message I had received was from GoDaddy with the subject “Account Settings Change Confirmation.” There was a good reason why that was the last one.


Unsurprisingly, this cautionary tale involves two of the most hated companies online – PayPal and GoDaddy. GoDaddy has accepted partial responsibility though and has agreed that it needs to address and improve the processes that were abused in this case.

GoDaddy accepts partial responsibility in social engineering attack of @N’s customer account

PayPal however has denied giving out any information to the hacker, as would be expected from them:

PayPal denies providing payment information to hacker who hijacked $50,000 Twitter username

I changed my username @N to @N_is_stolen for the first time since I registered it in early 2007. Goodbye to my problematic username, for now.

It’s hard to decide what’s more shocking, the fact that PayPal gave the attacker the last four digits of my credit card number over the phone, or that GoDaddy accepted it as verification.

With my GoDaddy account restored, I was able to regain access to my email as well. I changed the email address I use at several web services to an @gmail.com address. Using my Google Apps email address with a custom domain feels nice but it has a chance of being stolen if the domain server is compromised. If I were using an @gmail.com email address for my Facebook login, the attacker would not have been able to access my Facebook account.

This whole situation just shows why 2 factor authentication is so important and also that you should really use @gmail.com accounts for important stuff rather than vanity domains registered with shady providers like GoDaddy.

Read the full story on Medium to see all the e-mail exchanges and get the full low down on exactly what happened.

Source: Medium.com

Posted in: Social Engineering

Topic: Social Engineering


Latest Posts:


Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
Cameradar - Hack RTSP Video Surveillance CCTV Cameras Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.
dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).