White Hat Institute

“Defend the Web” write-up (Intro 12 — MD5 Decryption)

This challenge is fairly simple: it gives you the hashed password and asks you to use it to pass the login page. You may view the page source and try to find something useful there, but we will be using a different route.

Defend the Web - Intro 12-1

As you can see, the given password didn’t work for us, because it is the hashed form and not the password itself. Copy the hashed password, paste it into the Google search engine, then hit “Enter.”

Defend the Web - Intro 12-2

Here we can see that the value is an MD5 hash. Click on any available MD5 hash decryptor and view the results.

Defend the Web - Intro 12-3

Bingo, our password is “1qaz2wsx”. Copy and use it at the login page to pass the challenge.

MD5 has been used in many situations, and storing passwords is one of the most common. Because databases can be compromised and passwords have to be stored somewhere, many passwords were kept as MD5 hashes. Many Linux systems, for example, used password-hashing methods like MD5 to store passwords securely.

MD5 has been cryptographically broken and is therefore considered insecure, so it should be avoided. Developers should use the Secure Hash Algorithm (SHA) family or a symmetric cryptographic algorithm instead. With today’s GPUs and hash-cracking tools, using MD5 is scarcely better than using nothing at all. It is always advised to hash user passwords before saving them, and in any current programming environment using SHA-2 instead of MD5 is just as simple.
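
As an added example (not part of the original write-up): the search-engine lookup in this challenge works because the unsalted MD5 of a common password is the same everywhere and can be precomputed. The sketch below contrasts that with salted, iterated PBKDF2-HMAC-SHA256 from Python's `hashlib`. The word list, the iteration count, the record format and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Constructed sample list of common passwords; "1qaz2wsx" is the one from this write-up.
COMMON = ["123456", "password", "qwerty", "1qaz2wsx", "letmein"]

# Unsalted MD5 is deterministic, so one precomputed table serves every database.
MD5_TABLE = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON}


def lookup_unsalted_md5(digest_hex):
    """Return the plaintext if the digest is in the precomputed table, else None."""
    return MD5_TABLE.get(digest_hex.lower())


ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256; returns 'iterations$salt_hex$hash_hex'."""
    salt = salt or os.urandom(16)  # fresh random salt per record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), hash_hex)


if __name__ == "__main__":
    leaked = hashlib.md5(b"1qaz2wsx").hexdigest()
    print("unsalted MD5 lookup:", lookup_unsalted_md5(leaked))
    a, b = hash_password("1qaz2wsx"), hash_password("1qaz2wsx")
    print("same password, different records:", a != b)
    print("verify ok:", verify_password("1qaz2wsx", a))
```

A plain unsalted SHA-256 digest of a common password would be just as easy to find in a precomputed table; the per-record salt and the iteration count are what defeat the lookup.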