BigBang a Linux - Hard Machine
by StingEm - Saturday January 25, 2025 at 03:24 PM
(Jan 27, 2025, 02:28 PM)lolla981 Wrote: I need help with the grafana.db hash. I've never cracked a grafana db hash before: x | x | developer | email | name | hash | salt | x and a few other strings which could be salts. Which one is the actual salt? I use the script to change it into hashcat crackable format, but I exhaust my list and it never cracks. I have tried all three strings that are after the hash as salts separately. Can anybody tell me what I am doing wrong?

https://github.com/iamaldi/grafana2hashcat this worked for me.
Reply
(Jan 27, 2025, 02:40 PM)bkbk Wrote:
https://github.com/iamaldi/grafana2hashcat this worked for me.


Did not work for me either, status shows => exhausted

Reply
(Jan 27, 2025, 02:36 PM)jamma3131 Wrote:
use john for other user's hash

1|0|admin|admin@localhost||441a715bd788e928170be7954b17cb19de835a2dedfdece8c65327cb1d9ba6bd47d70edb7421b05d9706ba6147cb71973a34|CFn7zMsQpf|CgJll8Bmss||1|1|0||2024-06-05 16:14:51|2024-06-05 16:16:02|0|2024-06-05 16:16:02|0|0|
441a715bd788e928170be7954b17cb19de835a2dedfdece8c65327cb1d9ba6bd47d70edb7421b05d9706ba6147cb71973a34, CFn7zMsQpf > hash.txt ---> like this? Or the other string CgJll8Bmss? I don't understand.
Reply
(Jan 27, 2025, 03:01 PM)0xbeef Wrote:
Did not work for me either, status shows => exhausted
I guess it's the wrong hash then...

(Jan 27, 2025, 03:11 PM)lolla981 Wrote:
1|0|admin|admin@localhost||441a715bd788e928170be7954b17cb19de835a2dedfdece8c65327cb1d9ba6bd47d70edb7421b05d9706ba6147cb71973a34|CFn7zMsQpf|CgJll8Bmss||1|1|0||2024-06-05 16:14:51|2024-06-05 16:16:02|0|2024-06-05 16:16:02|0|0|
441a715bd788e928170be7954b17cb19de835a2dedfdece8c65327cb1d9ba6bd47d70edb7421b05d9706ba6147cb71973a34, CFn7zMsQpf > hash.txt ---> like this? Or the other string CgJll8Bmss? I don't understand.

There must be another hash, you did everything right as I did too. But if it's exhausting it means we got the wrong hash. The tool is simple to use. Digging for the other hash right now.

The admin hash cannot be cracked.
Here is the developer/George's hash:

7e8018a4210efbaeb12f0115580a476fe8f98a4f9bada2720e652654860c59db93577b12201c0151256375d6f883f1b8d960,4umebBJucv


Reply
(Jan 27, 2025, 03:12 PM)0xbeef Wrote:
I guess it's the wrong hash then...

There must be another hash, you did everything right as I did too. But if it's exhausting it means we got the wrong hash. The tool is simple to use. Digging for the other hash right now.

The admin hash cannot be cracked.
Here is the developer/George's hash:

7e8018a4210efbaeb12f0115580a476fe8f98a4f9bada2720e652654860c59db93577b12201c0151256375d6f883f1b8d960,4umebBJucv

Can you tell me how you identified the salt? 2|0|developer|ghubble@bigbang.htb|George Hubble|7e8018a4210efbaeb12f0115580a476fe8f98a4f9bada2720e652654860c59db93577b12201c0151256375d6f883f1b8d960|4umebBJucv|0Whk1JNfa3||1|0|0||2024-06-05 16:17:32|2025-01-20 16:27:39|0|2025-01-20 16:27:19|0|0|ednvnl5nqhse8d
Is it this one 4umebBJucv, this one 0Whk1JNfa3, or this one ednvnl5nqhse8d? I searched for documentation but couldn't find any.
Reply
(Jan 27, 2025, 03:23 PM)lolla981 Wrote:
Can you tell me how you identified the salt? 2|0|developer|ghubble@bigbang.htb|George Hubble|7e8018a4210efbaeb12f0115580a476fe8f98a4f9bada2720e652654860c59db93577b12201c0151256375d6f883f1b8d960|4umebBJucv|0Whk1JNfa3||1|0|0||2024-06-05 16:17:32|2025-01-20 16:27:39|0|2025-01-20 16:27:19|0|0|ednvnl5nqhse8d
Is it this one 4umebBJucv, this one 0Whk1JNfa3, or this one ednvnl5nqhse8d? I searched for documentation but couldn't find any.

It's a database. Just count the fields of the columns and match each value to its column. The salt comes after the hash according to the database structure. Hence `4umebBJucv` is the salt in this case.

Reply
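The column counting described in the reply above, as an added Python example that is not part of the thread or of grafana2hashcat: it maps a pipe-separated `user` row to column names and shows that, for a known password, only the `salt` column reproduces the stored hash. The column order, the PBKDF2 parameters (HMAC-SHA256, 10000 iterations, 50-byte key) and the sample row are assumptions or constructed values.

```python
import hashlib
import hmac

# Assumed column order of Grafana's `user` table; it lines up with the 20
# pipe-separated fields of the rows quoted in the thread.
USER_COLUMNS = ["id", "version", "login", "email", "name", "password", "salt",
                "rands", "company", "org_id", "is_admin", "email_verified",
                "theme", "created", "updated", "help_flags1", "last_seen_at",
                "is_disabled", "is_service_account", "uid"]

# Assumed KDF parameters: PBKDF2-HMAC-SHA256, 10000 iterations, 50-byte key,
# stored as hex (100 hex characters, the length of the hashes in the thread).
ITERATIONS, KEY_LEN = 10_000, 50


def parse_user_row(line):
    """Map one sqlite3 pipe-separated row of the user table to column names."""
    fields = line.rstrip("\n").split("|")
    if len(fields) != len(USER_COLUMNS):
        raise ValueError(f"expected {len(USER_COLUMNS)} fields, got {len(fields)}")
    return dict(zip(USER_COLUMNS, fields))


def derive(password, salt):
    """Hex-encoded PBKDF2 digest in the stored format."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(),
                              ITERATIONS, KEY_LEN)
    return raw.hex()


def check_password(row, password, salt_column="salt"):
    """True if `password` plus the value in `salt_column` reproduces the hash."""
    return hmac.compare_digest(derive(password, row[salt_column]), row["password"])


def build_sample_row():
    """Constructed row: made-up account, password and random strings."""
    salt, rands = "Qx3vTz81Lp", "m0Zk4RtYw2"
    digest = derive("constructed-passphrase", salt)
    return (f"7|0|auditor|auditor@example.test|Sample User|{digest}|{salt}|{rands}"
            "||1|0|0||2024-01-01 00:00:00|2024-01-01 00:00:00|0|"
            "2024-01-01 00:00:00|0|0|constructeduid01")


if __name__ == "__main__":
    row = parse_user_row(build_sample_row())
    print("salt:", row["salt"], "| rands:", row["rands"], "| uid:", row["uid"])
    print("salt column matches: ", check_password(row, "constructed-passphrase"))
    print("rands column matches:", check_password(row, "constructed-passphrase", "rands"))
```
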
(Jan 27, 2025, 03:26 PM)0xbeef Wrote:
It's a database. Just count the fields of the columns and match each value to its column. The salt comes after the hash according to the database structure. Hence `4umebBJucv` is the salt in this case.

The problem is I assumed that, using the normal notion, that's how it's supposed to be, like hash, salt, but it won't crack; that's why I thought the issue might be with the salt.
Reply
For the root part, do I have to use the /command endpoint with a special payload?
Reply
(Jan 27, 2025, 03:46 PM)kb2l Wrote: For the root part, do I have to use the /command endpoint with a special payload?

You need a token first, then you can inject any command. Did you get the token?

Reply
(Jan 27, 2025, 03:54 PM)0xbeef Wrote:
You need a token first, then you can inject any command. Did you get the token?

Yes, I have the access_token.

But when I try to inject a command I fail:
command: send_image, output_file: "etc/passwd" for example will give "error generating image: "
command: "ls" -> error: "invalid command"
output_file: "test.png;id" => "error":"Output file path contains dangerous characters"
Reply

