|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 76
Members: 0
Total: 76
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Encrypted email addressess (from site mailing list) |
|
Posted: Sat Aug 15, 2009 8:21 pm |
|
|
amir1085 |
Beginner |
|
|
Joined: Aug 15, 2009 |
Posts: 2 |
|
|
|
|
|
|
|
Ive been able to find a sites mailing list directory... but it seems all the addresses are encoded somehow?
Please help me with any info you may have. the email addresses look like the text below... but
_@_LRfPSqMvQXze~Xvri-_~_1156898772
I can tell you one thing i noticed... the ending numbers in the code above... must be gmail or yahoo... its the most popular one... about 3/4 all of the emails all end in it.
They are part of a server mail system called ccmail. I downloaded all the install files for ccmal to see what I can find... and it seems they were encoded using this file below.
If im reading and understand all this correctly, i might be SOL.... but any input, advice, help... would be greatly appreciated!!!
Code: | <?php
/*********************************************************************/
/* CcMail 1.0 */
/* Written by Emanuele Guadagnoli - cicoandcico[at]cicoandcico.com */
/* Reference page: http://www.cicoandcico.com/products.php */
/* License: GPL */
/* DO NOT EDIT UNLESS YOU KNOW WHAT YOU'RE DOING */
/*********************************************************************/
//CRYPT.PHP - Crypto class for addresses crypting
$ralphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890.@~_-";
$alphabet = $ralphabet . $ralphabet;
class Crypto {
function encrypt ($password,$strtoencrypt)
{
global $ralphabet;
global $alphabet;
$encrypted_string = "";
$pos_alpha_ary = array();
for($i=0; $i<strlen($password); $i++)
{
$cur_pswd_ltr = substr($password,$i,1);
$pos_alpha_ary[] = substr(strstr($alphabet,$cur_pswd_ltr),0,strlen($ralphabet));
}
$i=0;
$n = 0;
$nn = strlen($password);
$c = strlen($strtoencrypt);
while($i<$c)
{
$encrypted_string .= substr($pos_alpha_ary[$n],strpos($ralphabet,substr($strtoencrypt,$i,1)),1);
$n++;
if($n==$nn) $n = 0;
$i++;
}
return $encrypted_string;
}
function decrypt ($password,$strtodecrypt)
{
global $ralphabet;
global $alphabet;
$decrypted_string = "";
$pos_alpha_ary = array();
for($i=0; $i<strlen($password); $i++)
{
$cur_pswd_ltr = substr($password,$i,1);
$pos_alpha_ary[] = substr(strstr($alphabet,$cur_pswd_ltr),0,strlen($ralphabet));
}
$i=0;
$n = 0;
$nn = strlen($password);
$c = strlen($strtodecrypt);
while($i<$c) {
$decrypted_string .= substr($ralphabet,strpos($pos_alpha_ary[$n],substr($strtodecrypt,$i,1)),1);
$n++;
if($n==$nn) $n = 0;
$i++;
}
return $decrypted_string;
}
}
?> |
|
|
|
|
|
|
|
|
|
Posted: Sun Aug 16, 2009 12:12 am |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
Try and find a config file on the site you got the addresses from.. might have the password.
Otherwise I guess you could try a brute force attack, or maybe someone might be able to crack that encryption cipher (very unlikely). |
|
|
|
|
|
|
|
|
Posted: Sun Aug 16, 2009 5:01 am |
|
|
amir1085 |
Beginner |
|
|
Joined: Aug 15, 2009 |
Posts: 2 |
|
|
|
|
|
|
|
gibbocool wrote: | Try and find a config file on the site you got the addresses from.. might have the password.
Otherwise I guess you could try a brute force attack, or maybe someone might be able to crack that encryption cipher (very unlikely). |
thsi is prob gonna sound lame... i can get to the config file... but the file come sup blank. or maybe im just too much of a newbie to know what to do to not get it to be blank?
I can get to the admin log in page... i even think i know the admin log in name.... but thats a whole new begining haha. damn
Ya know.... I found in the sent mail, all the emails... but with a different kind of encryption?
Does this make a difference?
N5vOSRXzX~U3cIgDY TUMwRfVS23i7 cOEDSZaSpWU9cIgDY cgY9xKt7sj0h.gAeA@K@qp
these are all in a big long string at the bottom of all of the sent emails.... GRR!!!! So close yet so far!!! |
|
|
|
|
|
|
|
|
Posted: Sun Aug 16, 2009 5:18 am |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
amir1085 wrote: |
thsi is prob gonna sound lame... i can get to the config file... but the file come sup blank. or maybe im just too much of a newbie to know what to do to not get it to be blank? |
Yeah it will come up blank because it is already processed. you need to get the actual source file, which you can only do if you have shell or ftp access.
I think those other encrypted things are the same as before. |
|
|
|
|
|
|
|
|
Posted: Sun Aug 16, 2009 10:28 pm |
|
|
BoboTiG |
Advanced user |
|
|
Joined: Jun 22, 2009 |
Posts: 66 |
|
|
|
|
|
|
|
amir1085 wrote: | _@_LRfPSqMvQXze~Xvri-_~_1156898772 |
For the moment, I can tell you that the code above describe an address and the creation time.
Here, address = _@_LRfPSqMvQXze~Xvri-, created on 2006-08-30 00:46:12 and _~_ is the separator.
If you can get the file /data/key.php, you could easely decrypt your addresses.
This file contain, for example:
Code: |
<?php //DONT EDIT!!!
$pass = "k92j72F30129G66KO64T";
?>
|
Then, create a new local file like:
Code: |
<?php
require('path/to/crypt.php');
$test = new Crypto();
print $test->decrypt('k92j72F30129G66KO64T', '_@_LRfPSqMvQXze~Xvri-');
?>
|
|
|
|
|
|
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|