Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: RE: Password secured using?

from [Krugger] Network Security [Permanent Link]
Subject: Re: RE: Password secured using?
Date: Thu, 27 Apr 2006 03:40:49 +0100 
So it isn't a hash as a hash should always produce the same lenght of
output and the same input should always produce the same output.

The encryption of "a" produce various results.
It could be some sort of XOR with username or the first 4 bits can be
a salt for inicializing a  XOR generator, because for the first letter
it needs 4 extra bits, then for the remaining letter is need the same
8bits that a ascii caracter would ocupy. It can't be anything high
grade as there is no padding.

ascii a - 0x61 - 0110 0001

is converted to

(assuming the first 4bits are the salt then these are the XOR masks)
- 707 - 0111 0000 0111 -> Xor mask  0110 0110
- a5b - 1010 0101 1011 -> Xor mask  0011 1010
- 553 - 0101 0101 0011 -> Xor mask  0011 0010
- 285 - 0010 1000 0101 -> Xor mask  1110 0100
- 358 - 0011 0101 1000  -> Xor mask  0011 1001

Applying it to the bigger ones

aaa - 0x616161 - 0110 0001 0110 0001 0110 0001

(hex - binary of the hex - supposed xor mask)
0401785 - 0000 0100 0000 0001 0111 1000 0101 -> 0010 0001 0111 0110 1110 0100
83e455b - 1000 0011 1110 0100 0101 0101 1011 -> 0101 1111 0010 0100 0011 1010
9455b40 - 1001 0100 0101 0101 1011 0100 0000 -> 0010 0100 0011 1010 0010 0001

So I can't see any pattern there but you should check if the xor masks
fit and try to change the content based on the same XOR mask. And if
the salt are only 16 you can easily get them all with big
aaaaaaaaaaaaaaa passwords so you get the Xor mask that each salt
generates.

Another possibility it could be a salt for a simple XOR chaining in
which the output is reintroduced as the XOR key.

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: privelege escalation with .bat files, Maudite
Next by Date:  Re: RE: Password secured using?, Peter Kosinar
Previous by Thread:  Re: RE: Password secured using?, Tim
Next by Thread:  Re: RE: Password secured using?, Peter Kosinar
Indexes:  [Date] [Thread] [Top] [All Lists]