How to figure out this password...
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: How to figure out this password...

  1. #1
    Banned
    Join Date
    Sep 2002
    Posts
    222

    How to figure out this password...

    K, now, how would I go about getting this encrypted PW into plaintext? I've tried JTH, but didn't come up with anything with a -singlefile crack.

    sered:tNk9eHs9Ekxtg

    TIA

  2. #2
    Member
    Join Date
    Nov 2002
    Posts
    97
    uh.

    the idea behind encryption is that only someone with the right encryption key can unencrypt it.

    chances are, a password was encrypted specifically so people (perhaps, such as yourself) can't easily get it. unless, of course, you're the one who encrypted it, or you're a designated recipient. in which case, you should already have the encryption key.
    i will shoot you so hard.

  3. #3
    Banned
    Join Date
    Sep 2002
    Posts
    222
    spyrul: It's for a game my friend Xeno is challenging me and a lot of our other friends with. If you don't believe me, go to www.cyberarmy.com forums and see it. I am trying to get help on this so that I can learn how to do things.. trust me, I am worthy. I've been around here on my other name longer 25 times than you've known about this site... I'm not a newb, so please don't talk to me like I'm one.

  4. #4
    Member
    Join Date
    Nov 2002
    Posts
    97
    i don't care about how long you've been here.

    the fact of the matter is, you asked how to break an encryption, and you didn't really provide much reason behind why. had you told me it was a contest your friend was challenging you to, then i probably wouldn't have lectured you.

    make sure you include everything in your posts next time...
    i will shoot you so hard.

  5. #5
    Senior Member
    Join Date
    Nov 2002
    Posts
    174
    On your other name? Does that mean you've been banned?

    If it's a game for YOU tofigure out, then do just that. You need to search for the answer and figure it out, don't ask someone for it.
    Mike Reilly
    bluebeard96@yahoo.com

  6. #6
    Old Fart
    Join Date
    Jun 2002
    Posts
    1,658
    Just to set the record straight, Jehnny (in his other ID) got banned for making a simple mistake that any of us could have made. Those of us who have been around since before that happened know who he is (was) and speaking for myself, I read no malicious intent in what he said. Given that you guys DON'T know him however, I can understand your reactions. That being said, can we all put our attitudes back in their holsters and get along now?
    Al
    It isn't paranoia when you KNOW they're out to get you...

  7. #7
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    Looks to me like the thing is done in MD5,
    just like the /etc/shadow file in unix... check that out.

    If it is MD5 that would involve brute force, since MD5 is a oneway system.

    there are a lot of good bruteforce proggies for MD5, google for that.. hope it helps !!
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    It looks more like a Unix crypt() ed password with a salt to me.

    However it could be anything.

    The first stage to cracking the password would be to know with what algorithm it was encrypted. This is easy, simply read the documentation for whatever software you got it from, and it should tell you.

    If they don't document their crypto, then the software you used clearly isn't very good - any undocumented encryption method is possibly weak if they manufacturer felt the need not to document it.

    If it's a one-way algorithm (like the md5 hash that the_JinX mentioned, or crypt()), then you cannot decrypt it, only make dictionary attacks.

    Depending on how fast the algorithm is and what the keyspace is (length of password and character set allowed), brute-forcing the password could be unfeasible.

  9. #9
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    The only way to tell if a word is equal to the password is to take the salt of the encrypted word (the first two characters), then use crypt() to encrypt your word with the salt. If the encrypted word is equal to what you have as the password, then you know the password. If not, it's not.

    Example:

    Password is 'blargho' (but we don't know that yet). The encrypted form is 0gJsyagDyu3QQ. This means the salt is 0g. So we run crypt() on the word 'foobar' with the salt '0g' and get 0gIIU7o7j3LYE, which is blatantly not the encrypted password. So we try 'blargho' as a wild guess, and what do you know: it equals 0gJsyagDyu3QQ. This was done in perl on an HP-UX 11.11 machine so YMMV, depending...
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  10. #10
    Senior Member
    Join Date
    Jul 2002
    Posts
    744
    I got one thing to say, I used to play on CA, got bored with it though, and your not supposed to ask for help, your supposed to figure it out yourself, but when I was playing I think that was level three, and you got that password from a VB file that you opened in a hex editor. . .but if it is still set up the same. . .JTR should do it, took me about a day to come up with the old password. . .gl either way though.
    Every now and then, one of you won't annoy me.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •