How to figure out this password...


Jehnny
November 18th, 2002, 02:39 AM
K, now, how would I go about getting this encrypted PW into plaintext? I've tried JTH, but didn't come up with anything with a -singlefile crack.

sered:tNk9eHs9Ekxtg

TIA

spyrul
November 18th, 2002, 03:05 AM
uh.

the idea behind encryption is that only someone with the right encryption key can unencrypt it.

chances are, a password was encrypted specifically so people (perhaps, such as yourself) can't easily get it. unless, of course, you're the one who encrypted it, or you're a designated recipient. in which case, you should already have the encryption key.

Jehnny
November 18th, 2002, 03:12 AM
spyrul: It's for a game my friend Xeno is challenging me and a lot of our other friends with. If you don't believe me, go to www.cyberarmy.com forums and see it. I am trying to get help on this so that I can learn how to do things.. trust me, I am worthy. I've been around here on my other name 25 times longer than you've known about this site... I'm not a newb, so please don't talk to me like I'm one.

spyrul
November 18th, 2002, 03:26 AM
i don't care about how long you've been here.

the fact of the matter is, you asked how to break an encryption, and you didn't really provide much reason behind why. had you told me it was a contest your friend was challenging you to, then i probably wouldn't have lectured you.

make sure you include everything in your posts next time...

bluebeard96
November 18th, 2002, 04:07 AM
On your other name? Does that mean you've been banned?

If it's a game for YOU to figure out, then do just that. You need to search for the answer and figure it out, don't ask someone for it.

allenb1963
November 18th, 2002, 05:16 AM
Just to set the record straight, Jehnny (in his other ID) got banned for making a simple mistake that any of us could have made. Those of us who have been around since before that happened know who he is (was) and speaking for myself, I read no malicious intent in what he said. Given that you guys DON'T know him however, I can understand your reactions. That being said, can we all put our attitudes back in their holsters and get along now?

the_JinX
November 18th, 2002, 09:33 AM
Looks to me like the thing is done in MD5,
just like the /etc/shadow file in unix... check that out.

If it is MD5 that would involve brute force, since MD5 is a oneway system.

there are a lot of good bruteforce proggies for MD5, google for that.. hope it helps !!

slarty
November 18th, 2002, 11:03 AM
It looks more like a Unix crypt()ed password with a salt to me.

However it could be anything.

The first stage to cracking the password would be to know with what algorithm it was encrypted. This is easy, simply read the documentation for whatever software you got it from, and it should tell you.

If they don't document their crypto, then the software you used clearly isn't very good - any undocumented encryption method is possibly weak if the manufacturer felt the need not to document it.

If it's a one-way algorithm (like the md5 hash that the_JinX mentioned, or crypt()), then you cannot decrypt it, only make dictionary attacks.

Depending on how fast the algorithm is and what the keyspace is (length of password and character set allowed), brute-forcing the password could be unfeasible.

Vorlin
November 18th, 2002, 06:38 PM
The only way to tell if a word is equal to the password is to take the salt of the encrypted word (the first two characters), then use crypt() to encrypt your word with the salt. If the encrypted word is equal to what you have as the password, then you know the password. If not, it's not.

Example:

Password is 'blargho' (but we don't know that yet). The encrypted form is 0gJsyagDyu3QQ. This means the salt is 0g. So we run crypt() on the word 'foobar' with the salt '0g' and get 0gIIU7o7j3LYE, which is blatantly not the encrypted password. So we try 'blargho' as a wild guess, and what do you know: it equals 0gJsyagDyu3QQ. This was done in perl on an HP-UX 11.11 machine so YMMV, depending...
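
An added illustration, not part of the original thread: slarty's first step (work out which algorithm produced the string) and Vorlin's note that the salt is the first two characters, written as a small audit that labels the hash field of passwd-style lines and flags obsolete schemes. The sample lines are constructed, apart from the hash quoted in Vorlin's post, and the function names are this example's own.

```python
import re

B64 = r"[./0-9A-Za-z]"  # alphabet crypt(3) uses for salts and encoded hashes

# (scheme, pattern, legacy?). Modular formats carry a "$id$" prefix;
# traditional DES crypt has none: 2 salt characters + 11 hash characters.
SCHEMES = [
    ("des-crypt", re.compile(rf"^(?P<salt>{B64}{{2}}){B64}{{11}}$"), True),
    ("md5-crypt", re.compile(rf"^\$1\$(?P<salt>[^$]{{1,8}})\${B64}{{22}}$"), True),
    ("raw-md5-hex", re.compile(r"^[0-9a-fA-F]{32}$"), True),
    ("bcrypt",
     re.compile(rf"^\$2[abxy]\$\d\d\$(?P<salt>{B64}{{22}}){B64}{{31}}$"), False),
    ("sha256-crypt",
     re.compile(rf"^\$5\$(rounds=\d+\$)?(?P<salt>[^$]{{1,16}})\${B64}{{43}}$"), False),
    ("sha512-crypt",
     re.compile(rf"^\$6\$(rounds=\d+\$)?(?P<salt>[^$]{{1,16}})\${B64}{{86}}$"), False),
]

def classify(field):
    """Return (scheme, salt, legacy) for one hash field."""
    for name, pattern, legacy in SCHEMES:
        m = pattern.match(field)
        if m:
            return name, m.groupdict().get("salt"), legacy
    return "unknown", None, None  # locked account, empty field, other format

def audit(lines):
    """List (user, scheme, salt) for 'user:hash[:...]' lines on legacy schemes."""
    findings = []
    for line in lines:
        user, _, rest = line.strip().partition(":")
        scheme, salt, legacy = classify(rest.split(":")[0])
        if legacy:
            findings.append((user, scheme, salt))
    return findings

# Constructed sample. Only the first hash comes from the thread (Vorlin's
# example); the others are filler strings of the right shape, not real hashes.
SAMPLE = [
    "vorlin_example:0gJsyagDyu3QQ",
    "alice:$6$saltsalt$" + "A" * 86,
    "bob:$1$abcdefgh$" + "B" * 22,
    "carol:!",
]

if __name__ == "__main__":
    for user, scheme, salt in audit(SAMPLE):
        print(f"{user}: {scheme} (salt={salt}) should be rehashed with a modern scheme")
```

A 13-character field with no `$id$` prefix matches the traditional DES crypt() layout rather than MD5-crypt, which always starts with `$1$`.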

bludgeon
November 18th, 2002, 06:54 PM
I got one thing to say, I used to play on CA, got bored with it though, and you're not supposed to ask for help, you're supposed to figure it out yourself, but when I was playing I think that was level three, and you got that password from a VB file that you opened in a hex editor. . .but if it is still set up the same. . .JTR should do it, took me about a day to come up with the old password. . .gl either way though.

bluebeard96
November 18th, 2002, 07:19 PM
allenb... thanks for the info. It's just at first glance it was somebody who has been banned asking for others to crack a password for them. From the way you worded your post, I think you understood where I was coming from, and I do appreciate that.

As far as the password goes, I haven't the faintest idea. I'm just starting in this arena. But I do look forward to reading everyone's input.

Jehnny
November 18th, 2002, 08:57 PM
bludgeon: Nah, it's not a challenge on CA.com like Zebulun or whatever, it's just something that Marshall Xenographic has put up for people to have fun with.

Although I still don't have the PW, I'm glad I posted it here because I've learned a few things from the responders.

And speaking of CA, you oughtta go back.. they relaunched, and now brigades are completely aside from hax0ring challenges and rank. Go check it out, ya oughtta.