[Request] Encoding/Decoding Hash


Postby Legu » Fri Apr 05, 2013 1:26 pm

Alright, I have this hash

username --> MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECNFwKKHoFBDSBBCcJM6EdZIb3VMT/+cvyvkS
password--> MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECBpJov3WUxfmBBBlCJebBxrY+8kmLgyTFpYL

It is the username, password for an account. (got it from the dude I hacked, and since he hacked tons of ppl, now I have their stuff hihi).

Problem is usernames and passwords are encrypted. If u can help me decrypt them, I'll post some of the accounts that work.

I think it has a salt at the beginning but still I have no idea which encryption was used for it. Hope u guyz have some experience :P

Also maybe it might be useful, I found the keys in an sqlite database.

Postby Sethioz » Fri Apr 05, 2013 1:39 pm

Never seen such hashes before. You should start with where you got them from.
What site system?

I tried the PasswordsPro hash generator, but none of them looked similar. Maybe there are new plugins for PasswordsPro, but I can't bother looking really.

Postby Legu » Fri Apr 05, 2013 1:44 pm

It was inside of an sqlite database. (see pic)

Basically the guy used some kind of a backdoor which sent, only once, a package with 3 files to his email through SMTP: 2 database files and one sqlite file.

like..... cert.db, key.db, signons.sqlite

Inside the sqlite file u have the tables and their values, but I have no idea what the db files do. I tried to open them with Excel or Access but it didn't work. The key.db might be just the key for the encrypted files... maybe.
Attachments
pic.PNG

Postby Sethioz » Fri Apr 05, 2013 1:47 pm

duh .. SQLite is just a database manager, there is no such thing as "sqlite" file. It's a simple SQL database file, he just uses sqlite as his preferred app, just like I use notepad++ as my preferred app for .txt, .php ..etc

It says nothing, since sqlite just opens the file, it won't say where it came from.
Post the files, I need to see them in order to be able to give any info about them.
If you don't want them in public, PM them to me.

Postby Legu » Fri Apr 05, 2013 1:56 pm

Okay, here are the files [in this case from the pc-username "dar"]. I don't care much about the data itself, I just want to learn how stuff works.

Stuff is in rar, since db extensions are not allowed.
Attachments
dar.rar

Postby Legu » Fri Apr 05, 2013 2:12 pm

Sethioz wrote: SQlite is just a database manager, there is no such thing as "sqlite" file

I think this is just simply wrong, there are files with the ending sqlite, and I have googled it and there really are topics with "sqlite files".

For an example: http://stackoverflow.com/questions/1216 ... qlite-file

Postby Sethioz » Fri Apr 05, 2013 3:32 pm

It seems like encryption is made by the sqlite program.
Also it contains a godaddy SSL certificate. Whatever it is, it seems to be login details for his website via godaddy SSL.

What I can tell from these files is that he is using sqlite to log into his database on a website that is hosted with godaddy.com
and in order to protect his username and password, sqlite has made a secure connection using that cert.

So you have to find out what it is exactly, like what the godaddy feature is.
Like my hosting has shell access. If you find out how to use whatever he is using, then you can find out what encryption is used.
Either way, all the info needed to log into his database is there .. not 100% sure tho.
It just seems like some saved form to log into something, like browsers offer to remember login details or like Filezilla allows you to make site logins ..etc
Usually programs like that use their own encryption to protect this data from being read straight from hdd without having access to the app itself.
In most cases, they are very easy to decrypt.

I asked Luigi about it, if he has a minute to check it out you might just get a 100% accurate answer about it.

In the meantime, this might help:
https://github.com/sizzlelab/contextlog ... -CSV-files

To me it still seems like an sqlite saved session, so it's not even a database. It's a saved login session, at least I think it is.

Postby Legu » Fri Apr 05, 2013 3:46 pm

I'll look up that address, and try the python source too. I actually found it too on the inet before but I thought there is no way for it to work, but since u recommend it too I'll give it a try. If Luigi had some ideas about it, it would be awesome ofc ^^, till then thx for the help so far, I'll post progress if I make some.

Postby Legu » Sat Apr 06, 2013 11:57 am

Use below command to decrypt individual data file copied from mobile device (in Linux you can use asterisk to process several files):

python <funf scripts folder>\dbdecrypt.py <file name xyz_mainPipeline.db>

Execution will ask for password, use the one that has been given to you.

Execution will ask for password duh...

Postby Sethioz » Sat Apr 06, 2013 4:41 pm

Luigi Auriemma wrote: http://securityxploded.com/download.php#firepassword

firepassword -p c:\dar

the results are 5 accounts with username and password.