Waraxe IT Security Portal

10_Sec_Hero · Advanced user

j9%3C%A5%0B%60w%B6%14%BF
g%11%0F%5E%0C%2Av
b%0A%0C%AF%F3%12%A5
mI%C2k%0E%D9
s%A5%84%B5%17a+1%7F

I have no idea what so ever...please help?

tehhunter · Valuable expert

10_Sec_Hero · Advanced user

i really doubt thats gonna work, they have to be plaintext.
thx for trying Smile

k40t1x · Regular user

10_SEC how did you get them? I dont think that you can use them at all :S

10_Sec_Hero · Advanced user

ok..i got them through sql injection from a website. i got the email address which is not encrypted and then i got these which are the passwords.

Henderson · Valuable expert

The strings are urlencoded, but it doesn't change the fact that they're encrypted (XOR maybe?). Send me PM with URL if you want Smile

Henderson · Valuable expert

The first letter of encrypted string is the first letter of user's e-mail address. Rest is a password XOR-ed with a key which is calculated basing on mentioned first letter. I don't know how the key is generated (probably it's some big number) but you could register an account with the same beginning letter of e-mail address as of the account you want to attack, and being able to execute SQL queries, read the encrypted password of yourself from database. Then just XOR the ciphertext with your real password and you'll get the key. Having the key, XOR victim's encrypted password with it and you'll get password in plaintext. Out of curiosity it would be cool to read the script's source using load_file() to discover the key generation algorithm.

10_Sec_Hero · Advanced user

Cool, thank you a lot! Smile

10_Sec_Hero · Advanced user

I did like you said, created an account with them, this is the account I created:

Henderson · Valuable expert

Since we don't know the length of key, it would be better if you created a password of maximum length.

10_Sec_Hero · Advanced user

here we go, managed to pull out the 16 character password (alpha-numeric) for latest account created:

email address used: email001@yahoo.com

er6%04H%1B%95%7F%96%02%B7v%F2a%02%9E%FC and plaintext is 1234567890abcdef

created a differect account couple of days ago, heres the email:password

email address used: johnny23462@yahoo.com

j2h%FF%16%60g and plaintext is adidas

Henderson · Valuable expert

The phrase er6%04H%1B%95%7F%96%02%B7v%F2a%02%9E%FC consists of two parts:

e = same as first letter of e-mail
723604481B957F9602B776F261029EFC = ciphertext (hex)

We know the plaintext, so we XOR the cipthertext with it to get the key.

31323334353637383930616263646566 = "1234567890abcdef" (hex)

723604481B957F9602B776F261029EFC XOR 31323334353637383930616263646566 = key

Having this particular key you can decipher ciphertext of phrases beginning with letter "e" (because the key is calculated from it) by XOR-ing the ciphertext with it:

ciphertext XOR key = plaintext

Hope it's clear now.

10_Sec_Hero · Advanced user

Yeah I got it now, thanks man! Very Happy