
[Request] Encoding/Decoding Hash

Posted: Fri Apr 05, 2013 1:26 pm
by Legu
alright i have this hash

username --> MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECNFwKKHoFBDSBBCcJM6EdZIb3VMT/+cvyvkS
password--> MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECBpJov3WUxfmBBBlCJebBxrY+8kmLgyTFpYL

it is the username,password for an account. (got it from the dude i hacked, and since he hacked tons of ppl, now i have their stuff hihi).

Problem is usernames and passwords are encrypted. If u can help me decrypt them, ill post some of the accounts that work.

I think it has a salt at the beginning but still i have no idea which encryption was used for it. Hope u guyz have some experience :P

Also maybe it might be useful, i found the keys in an sqlite database.

Re: [Request] Encoding/Decoding Hash

Posted: Fri Apr 05, 2013 1:39 pm
by Sethioz
never seen such hashes before. you should start with, where you got them from?
what site system?

i tried passwords pro hash generator, but none of them looked similar. maybe there are new plugins for passwordspro, but can't bother looking really.

Re: [Request] Encoding/Decoding Hash

Posted: Fri Apr 05, 2013 1:44 pm
by Legu
It was inside of an sqlite database. (see pic)

Image

Basically the guy used some kind of a backdoor which sent only once, a package with 3 files to his email through a smtp. 2 database files, and one sqlite file.

like..... cert.db, key.db, signons.sqlite

Inside the sqlite file u have the tables and their values, but i have no idea what the db files do, i tried to open them with excel or access but didnt work. The key.db might be just the key for the encrypted files... maybe.

Re: [Request] Encoding/Decoding Hash

Posted: Fri Apr 05, 2013 1:47 pm
by Sethioz
duh .. SQlite is just a database manager, there is no such thing as "sqlite" file. its a simple SQL database file, he just uses sqlite as his preferred app, just like i use notepad++ as my preferred app for .txt, .php ..etc

it says nothing, since sqlite just opens the file, it won't say where it came from.
post the files, i need to see them in order to be able to give any info about them.
if you don't want them in public, PM them to me.

Re: [Request] Encoding/Decoding Hash

Posted: Fri Apr 05, 2013 1:56 pm
by Legu
Okay, here are the files, [in this case from the pc-username "dar"], i dont care much about the data itself, i just want to learn how stuff works.

Stuff is in rar, since db extensions not allowed.

Re: [Request] Encoding/Decoding Hash

Posted: Fri Apr 05, 2013 2:12 pm
by Legu
Sethioz wrote: SQlite is just a database manager, there is no such thing as "sqlite" file
I think this is just simply wrong, there are files with the ending sqlite, and i have googled it and there really are topics with "sqlite files".

For an example: http://stackoverflow.com/questions/1216 ... qlite-file

Re: [Request] Encoding/Decoding Hash

Posted: Fri Apr 05, 2013 3:32 pm
by Sethioz
It seems like encryption is made by sqlite program.
also it contains godaddy SSL certificate, whatever it is, it seems to be login details for his website via godaddy SSL.

What i can tell from these files, is that he is using sqlite to log into his database on website that is hosted with godaddy.com
and in order to protect his username and password, sqlite has made secure connection using that cert.

So you have to find out what it is exactly, like what is the godaddy's feature.
like my hosting has shell access. if you find out how to use whatever he is using, then you can find out what is the encryption used.
either way, all the info needed to log into his database is there .. not 100% sure tho.
it just seems like some saved form to log into something, like browsers offer to remember login details or like Filezilla allows you to make site logins ..etc
usually programs like that use their own encryption to protect this data from being read straight from hdd without having access to the app itself.
in most cases, they are very easy to decrypt.

I asked Luigi about it, if he has a minute to check it out you might just get 100% accurate answer about it.

In the meanwhile, this might help:
https://github.com/sizzlelab/contextlog ... -CSV-files

to me it still seems like sqlite saved session, so its not even a database. its saved login session, at least i think it is.

Re: [Request] Encoding/Decoding Hash

Posted: Fri Apr 05, 2013 3:46 pm
by Legu
ill look up that address, and try the python source too. I actually found it too on the inet before but i thought there is no way for it to work but since u recommend it too ill give it a try. If luigi had some ideas about it, it would be awesome ofc ^^, till that thx for the help so far, ill post progress if i make some.

Re: [Request] Encoding/Decoding Hash

Posted: Sat Apr 06, 2013 11:57 am
by Legu
Use below command to decrypt individual data file copied from mobile device (in Linux you can use asterisk to process several files)
python <funf scripts folder>\dbdecrypt.py <file name xyz_mainPipeline.db>
Execution will ask for password, use the one that has been given to you.

Execution will ask for password duh...

Re: [Request] Encoding/Decoding Hash

Posted: Sat Apr 06, 2013 4:41 pm
by Sethioz
Luigi Auriemma wrote: http://securityxploded.com/download.php#firepassword

firepassword -p c:\dar

the results are 5 accounts with username and password.