i have a password from a user on mymessage board but it is hashed, 2f2cb8e0b7aae3c36e164b7a795207c9

how can i figure out what it is, for non malicious purposes

You can't -- that's the point of a hash :)

twey!!! long time no see. and from what im reading about hased, it cant be decrypted, but it is possible to find out what the word is

Only if someone's already stored it and its original text (and they haven't, at least publically, I already checked the common public rainbow tables).

Brute force. If you MUST know, just write a program that will run through until it finds it.
that's the only way unless it's already been stored.
Also, you'll need to know the algorithm. It's likely md5, but it would be sha1, md4, or several other things. The system might also have a trick in use, like using md5 on the md5 hash, etc.

Ask the user? ;)

Ask the user? ;)

best bet

Brute force. If you MUST know, just write a program that will run through until it finds it.If it hasn't found it in any of the common rainbow tables, which have been running for several years on a wide network of distributed machines, I doubt that's an option :)

Aren't those based on user input of specific passwords?

For example, "sdafjkl23432" probably isn't in there, right? Using brute force would find even the weird possible passwords.

If they have been running brute force and it isn't in the table, then that's very weird. I suppose it's either quite long or using characters that aren't usually checked.

Aren't those based on user input of specific passwords?Some of them are, some aren't.
If they have been running brute force and it isn't in the table, then that's very weird. I suppose it's either quite long or using characters that aren't usually checked.It doesn't have to be that long -- they'd only got up to about eight characters last I checked.

Then run brute force to check that. It would be fairly slow, though.
If you were efficient enough in the coding, might only take a few days to get to 8 chars...

If you were efficient enough in the coding, might only take a few days to get to 8 chars...
...or get banned by your ISP/Host/Control Panel for Hosting depending on their Terms/Scripting.

haha... i used a program using brute force. it said "time remaining" some numbers then "10 years".

brute force aint an option.

then i submitted the has to plain-text.info and it never got cracked.

the password is hashed using a version of md5 called md5_hmac

Hmm... I don't think it's possible.
0B792EF0094D36386EB70A07AEA4D5662F570BDA09C83E19B7E7D57A75678D5B7969A625110BFCCAF59B2E75D4E04D1D6C9C75AC30A06D82BCC44268A27AE05F
Try to decode that.
Tip: it's SHA-512, then MD5, then SHA-512 then SHA-512.
:)
To get the answer, unscramble these words:

si
hdoubo
hte
clorlof
gdo
tmso

and put them in order.
:)

Hmm... I don't think it's possible.
:)
It is possible just unlikely.

since its md5_hmac, does it make it impossible

Yes, you'd also have to know the salt even to brute-force it.

im not sure if its salted

A salt is required for the HMAC algorithm.

That's why it doesn't show up in any of the databases, I'd assume.

techno_race, that's the same story, though it just gives more info having all of them, making it only as strong as the weakest one. You could make it stronger by layering them, but not placing one after the other.

It's not unlikely, impossible, or anything, except time consuming. Also, "10 years" is a stupid estimate, as that assumes a constant rate to a certain goal, which is unknown, depending on the length of the actual password. Perhaps it just had 10 years to go until it would stop trying, but that's all it could know.