Waraxe IT Security Portal
Login or Register
December 24, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 100
Members: 0
Total: 100
Full disclosure
CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205
Stored XSS with Filter Bypass - blogenginev3.3.8
[SYSS-2024-085]: Broadcom CA Client Automation - Improper Privilege Management (CWE-269)
[KIS-2024-07] GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities
RansomLordNG - anti-ransomware exploit tool
APPLE-SA-12-11-2024-9 Safari 18.2
APPLE-SA-12-11-2024-8 visionOS 2.2
APPLE-SA-12-11-2024-7 tvOS 18.2
APPLE-SA-12-11-2024-6 watchOS 11.2
APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2
APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2
APPLE-SA-12-11-2024-3 macOS Sequoia 15.2
APPLE-SA-12-11-2024-2 iPadOS 17.7.3
APPLE-SA-12-11-2024-1 iOS 18.2 and iPadOS 18.2
SEC Consult SA-20241211-0 :: Reflected Cross-Site Scripting in Numerix License Server Administration System Login
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PHP script decode requests -> Encrypted email addressess (from site mailing list)
Post new topicReply to topic View previous topic :: View next topic
Encrypted email addressess (from site mailing list)
PostPosted: Sat Aug 15, 2009 8:21 pm Reply with quote
amir1085
Beginner
Beginner
Joined: Aug 15, 2009
Posts: 2




Ive been able to find a sites mailing list directory... but it seems all the addresses are encoded somehow?

Please help me with any info you may have. the email addresses look like the text below... but

_@_LRfPSqMvQXze~Xvri-_~_1156898772

I can tell you one thing i noticed... the ending numbers in the code above... must be gmail or yahoo... its the most popular one... about 3/4 all of the emails all end in it.


They are part of a server mail system called ccmail. I downloaded all the install files for ccmal to see what I can find... and it seems they were encoded using this file below.

If im reading and understand all this correctly, i might be SOL.... but any input, advice, help... would be greatly appreciated!!!

Code:
<?php
/*********************************************************************/
/* CcMail 1.0 */
/* Written by Emanuele Guadagnoli - cicoandcico[at]cicoandcico.com */
/* Reference page: http://www.cicoandcico.com/products.php */
/* License: GPL */
/* DO NOT EDIT UNLESS YOU KNOW WHAT YOU'RE DOING */
/*********************************************************************/

//CRYPT.PHP - Crypto class for addresses crypting

$ralphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890.@~_-";
$alphabet = $ralphabet . $ralphabet;

class Crypto {

function encrypt ($password,$strtoencrypt)
{
global $ralphabet;
global $alphabet;
$encrypted_string = "";
$pos_alpha_ary = array();

for($i=0; $i<strlen($password); $i++)
{
$cur_pswd_ltr = substr($password,$i,1);
$pos_alpha_ary[] = substr(strstr($alphabet,$cur_pswd_ltr),0,strlen($ralphabet));
}

$i=0;
$n = 0;
$nn = strlen($password);
$c = strlen($strtoencrypt);

while($i<$c)
{
$encrypted_string .= substr($pos_alpha_ary[$n],strpos($ralphabet,substr($strtoencrypt,$i,1)),1);

$n++;
if($n==$nn) $n = 0;
$i++;
}
return $encrypted_string;
}

function decrypt ($password,$strtodecrypt)
{
global $ralphabet;
global $alphabet;
$decrypted_string = "";
$pos_alpha_ary = array();

for($i=0; $i<strlen($password); $i++)
{
$cur_pswd_ltr = substr($password,$i,1);
$pos_alpha_ary[] = substr(strstr($alphabet,$cur_pswd_ltr),0,strlen($ralphabet));
}

$i=0;
$n = 0;
$nn = strlen($password);
$c = strlen($strtodecrypt);

while($i<$c) {
$decrypted_string .= substr($ralphabet,strpos($pos_alpha_ary[$n],substr($strtodecrypt,$i,1)),1);

$n++;
if($n==$nn) $n = 0;
$i++;
}
return $decrypted_string;
}

}
?>
View user's profile Send private message
PostPosted: Sun Aug 16, 2009 12:12 am Reply with quote
gibbocool
Advanced user
Advanced user
Joined: Jan 22, 2008
Posts: 208




Try and find a config file on the site you got the addresses from.. might have the password.
Otherwise I guess you could try a brute force attack, or maybe someone might be able to crack that encryption cipher (very unlikely).

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
PostPosted: Sun Aug 16, 2009 5:01 am Reply with quote
amir1085
Beginner
Beginner
Joined: Aug 15, 2009
Posts: 2




gibbocool wrote:
Try and find a config file on the site you got the addresses from.. might have the password.
Otherwise I guess you could try a brute force attack, or maybe someone might be able to crack that encryption cipher (very unlikely).


thsi is prob gonna sound lame... i can get to the config file... but the file come sup blank. or maybe im just too much of a newbie to know what to do to not get it to be blank?

I can get to the admin log in page... i even think i know the admin log in name.... but thats a whole new begining haha. damn


Ya know.... I found in the sent mail, all the emails... but with a different kind of encryption?

Does this make a difference?

N5vOSRXzX~U3cIgDY TUMwRfVS23i7 cOEDSZaSpWU9cIgDY cgY9xKt7sj0h.gAeA@K@qp

these are all in a big long string at the bottom of all of the sent emails.... GRR!!!! So close yet so far!!!
View user's profile Send private message
PostPosted: Sun Aug 16, 2009 5:18 am Reply with quote
gibbocool
Advanced user
Advanced user
Joined: Jan 22, 2008
Posts: 208




amir1085 wrote:

thsi is prob gonna sound lame... i can get to the config file... but the file come sup blank. or maybe im just too much of a newbie to know what to do to not get it to be blank?


Yeah it will come up blank because it is already processed. you need to get the actual source file, which you can only do if you have shell or ftp access.

I think those other encrypted things are the same as before.

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
PostPosted: Sun Aug 16, 2009 10:28 pm Reply with quote
BoboTiG
Advanced user
Advanced user
Joined: Jun 22, 2009
Posts: 66




amir1085 wrote:
_@_LRfPSqMvQXze~Xvri-_~_1156898772

For the moment, I can tell you that the code above describe an address and the creation time.

Here, address = _@_LRfPSqMvQXze~Xvri-, created on 2006-08-30 00:46:12 and _~_ is the separator.

If you can get the file /data/key.php, you could easely decrypt your addresses.
This file contain, for example:
Code:

<?php //DONT EDIT!!!
$pass = "k92j72F30129G66KO64T";
?>


Then, create a new local file like:
Code:

<?php
require('path/to/crypt.php');
$test = new Crypto();
print $test->decrypt('k92j72F30129G66KO64T', '_@_LRfPSqMvQXze~Xvri-');
?>


Wink
View user's profile Send private message Visit poster's website
Encrypted email addressess (from site mailing list)
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.035 Seconds