I. Analysis
I often encounter a way of writing account and password authentication (it has nothing to do with the specific language, whether php, asp, or jsp; the following uses asp as an example) that first determines whether the user exists:
"select * from user_info where user_name = '" & request("user_name") & "'"
and then determines whether the md5 of the password matches:
If rs("passwd") = md5(request("passwd")) Then
    Response.Write "login suc"
Else
    Response.Write "error password"
End If
II. Guess
In this case, the user_name input is xxxx with a comparison on the passwd column appended (and passwd > ...).
Here we can use a binary search (halving) comparison:
(Assume that the first digit of the md5 is b.) For example, if > a is true, try a larger letter, for example > z; that is false, so test again with > p, and so on, until > a holds but > b does not, so the digit must be b. (This assumes only the single letter is compared: b > a is true and b > b is false.)
Repeat this and you can always work the value out. For example, if the first digit is b, the second digit can be tested as follows:
passwd > ba, and so on [why not use mid(passwd,) here? Because the mid function depends on whether the database is mysql, SQL server, or oracle].
III. Cracking
Determine whether the md5 value is 16-digit or 32-digit (the 16-digit form is the 32-digit md5 shortened to its middle digits, up to digit 24).
Guess the 16-digit md5, and then take it to 5.com/xmd5.org to crack it.
Then log in with the actual password that was cracked. Haha.
Summary:
1. A different error message is displayed depending on whether the account exists.
2. Passwords are not compared directly at login, but compared after md5 hashing.
3. The md5 is recovered and then cracked to get the password (that is, the injection statement is entered in the account input box).
4. How to determine the field names in the database user information table: guess them from the names of the form fields (many developers use the same names).
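The login pattern analysed above beside a hardened form, as an added example that is not code from the original article. It uses Python with an in-memory SQLite table because the flaw is independent of ASP; the account alice, her password, and the two comparison values in probe() are constructed, and MD5 is kept only to mirror the page's schema.

```python
import hashlib
import hmac
import sqlite3

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def make_db() -> sqlite3.Connection:
    # Constructed sample data: one account in the page's user_info table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_info (user_name TEXT, passwd TEXT)")
    db.execute("INSERT INTO user_info VALUES (?, ?)", ("alice", md5_hex("s3cret")))
    return db

def login_vulnerable(db, user_name: str, passwd: str) -> str:
    # Same pattern as the page: input concatenated into the WHERE clause,
    # and a different message for "no row" versus "wrong password".
    sql = "select * from user_info where user_name = '" + user_name + "'"
    row = db.execute(sql).fetchone()
    if row is None:
        return "no such user"
    return "login suc" if row[1] == md5_hex(passwd) else "error password"

def login_hardened(db, user_name: str, passwd: str) -> str:
    # Bound parameter: the input is only ever a value, never SQL text.
    row = db.execute(
        "select passwd from user_info where user_name = ?", (user_name,)
    ).fetchone()
    # Compare against a dummy hash when the user is missing, so both failure
    # paths do the same work and return the same message.
    stored = row[0] if row else md5_hex("")
    ok = hmac.compare_digest(stored, md5_hex(passwd)) and row is not None
    return "login suc" if ok else "login failed"

def probe(login, db):
    # Constructed inputs in the shape the page describes: a known user name
    # plus a comparison on passwd. Hex digits sort above '/' and below 'g',
    # so the first comparison is always true and the second always false.
    return (login(db, "alice' and passwd > '/", "x"),
            login(db, "alice' and passwd > 'g", "x"))
```

Run as a regression test, probe() returns two different messages for login_vulnerable and the same message twice for login_hardened, which is the property to check after a fix.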