which cipher is this?

[codelogman]

Originally posted here by C47
!CRYPT!103CF0A0C28A711EB964F627A3B


some site says its md5, but cain does not accept it even if i paste it without the !CRYPT!

http ftp certification code, like HTRegz says: "punch that into google and I get this from a registry dump".

The cert is a essential registry for www transactions, one of my virus work attack this registry and put the the value "dword norad = !CRYPT!103CF0A0C28A711EB964F627A99" see the final 99 inserted. for irc pre authenticated...


so the ProxyPwd reffers a hexadecimal cypher:


the code:

Code:

public static string doHttpGet(string webURL, string sParameters)
{ 
	HttpWebResponse webRes = null;
	HttpWebRequest webReq = null;
	WebProxy webProxy = null;

	string httpResponse = "";
	sParameters = HttpUtility.UrlEncode(sParameters);

	string proxyAddr = ConfigurationSettings.AppSettings["ProxyAddr"];
	string proxyPort = ConfigurationSettings.AppSettings["ProxyPort"];
	if(ConfigurationSettings.AppSettings["EnableProxy"] == "1" &&
		proxyAddr != null && proxyAddr.Length > 0 && proxyPort != null)
	{
		try
		{
			webProxy = new WebProxy(proxyAddr, int.Parse(proxyPort));
		}
		catch
		{
			webProxy = new WebProxy(proxyAddr, 80);
		}
		string proxyUser = ConfigurationSettings.AppSettings["ProxyUser"];
		string proxyPwd = ConfigurationSettings.AppSettings["ProxyPwd"];
		string proxyDom = ConfigurationSettings.AppSettings["ProxyDom"];
		if(proxyUser != null && proxyUser.Length > 0 && proxyPwd != null && proxyDom != null)
			webProxy.Credentials = new NetworkCredential(proxyUser, proxyPwd, proxyDom);
	}

	try 
	{
		ServicePointManager.CertificatePolicy = new AcceptAllCertificatePolicy();
		sParameters = "";
		webReq = (HttpWebRequest)HttpWebRequest.Create(webURL + sParameters);
		if(webProxy != null)
			webReq.Proxy = webProxy;
		webReq.Timeout = int.Parse(ConfigurationSettings.AppSettings["WebTimeout"]);
		webReq.UserAgent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)";
		webReq.Method = "GET";
		webReq.ProtocolVersion = HttpVersion.Version11;
		webRes = (HttpWebResponse)webReq.GetResponse();
		Stream stmRes = webRes.GetResponseStream();
		StreamReader stmReader = new StreamReader(stmRes);
		httpResponse = stmReader.ReadToEnd();
	}
	catch(WebException ex)
	{
		httpResponse = "";
	}
	finally 
	{
		webReq = null;
		if(webRes != null)
			webRes.Close();
		webRes = null;
	} 
	return httpResponse;  
}

try to resolve a url using a base ProxyPwd on this line:

Code:

		string proxyUser = ConfigurationSettings.AppSettings["ProxyUser"];
		string proxyPwd = ConfigurationSettings.AppSettings["ProxyPwd"];
		string proxyDom = ConfigurationSettings.AppSettings["ProxyDom"];
		if(proxyUser != null && proxyUser.Length > 0 && proxyPwd != null && proxyDom != null)
			webProxy.Credentials = new NetworkCredential(proxyUser, proxyPwd, proxyDom);

and get a webresponse passing trow by proxy or not.


mmm for perfect understanding that i give you a piece of php web page resolver.

proxyPwd compose a Base 64 cipher, the format is (USER, PASSWORD)

see the php example of non converted parameters:

PHP Code:

$http_method = 'http'; 
$hostname = 'www.antionline.com'; 
$cgi = '/azrael/aoexample/'; 


$proxy = 'http://proxy.crackenfind.net'; 
$proxypwd = base64_encode("aleksei:antionlinemember"); 
#$proxypwd = "aleksei:antionlinemember"; 


$XMLRequest = '<?xml version="1.0" encoding="ISO-8859-1"?>\n'; 
$XMLRequest .= '<message xmlns="http://antionline.com/messageadmin">\n'; 
$XMLRequest .= ' <Header>\n'; 
$XMLRequest .= ' <ClientId>Web request test</ClientId>\n'; 
$XMLRequest .= ' <TransactionId>dklfj24ru743u3fj320fy49f84gyf</TransactionId>\n'; 
$XMLRequest .= ' </Header>\n'; 
$XMLRequest .= ' <Body>\n'; 
$XMLRequest .= ' <code>#66#16#33\n';
$XMLRequest .= ' <code>\n'; 
$XMLRequest .= ' </Body>\n'; 
$XMLRequest .= '</message>\n'; 


$ServiceId = 'antionline:com.messageadmin:proxy.crackenfind.net'; 

$data_string = "ServiceId=".$ServiceId."&XMLRequest=".$XMLRequest; 

$curl_handle = curl_init ("http://www.antionline.com/messageadmin"); 

curl_setopt ($curl_handle, CURLOPT_PROXY, $proxy); 
curl_setopt ($curl_handle, CURLOPT_PROXYPORT, 8080); 
curl_setopt ($curl_handle, CURLOPT_PROXYUSERPWD, $proxypwd); 
curl_setopt ($curl_handle, CURLOPT_HTTPPROXYTUNNEL,1); 
curl_setopt ($curl_handle, CURLOPT_FOLLOWLOCATION, 1); 
curl_setopt ($curl_handle, CURLOPT_RETURNTRANSFER, 1); 
curl_setopt ($curl_handle, CURLOPT_POST, 1); 
curl_setopt ($curl_handle, CURLOPT_POSTFIELDS, $data_string); 
$result = curl_exec ($curl_handle); 

if (curl_error($curl_handle)) 
{ 
  printf("Error %s: %s", curl_errno($curl_handle), curl_error($curl_handle)); 
  die ("No such web request"); 
} 


curl_close ($curl_handle); 
echo $result; 


$proxypwd = base64_encode("aleksei:antionlinemember"); is the format in base64, the function that generate that seems like this java encoder:

Code:

try { 

URLConnection connection = _src.openConnection(); 

if (_proxyUser != null) { 

sun.misc.BASE64Encoder encoder = new sun.misc.BASE64Encoder(); String encoded = encoder.encode( 

new String(_proxyUser + ":" + _proxyPwd).getBytes()); 

connection.setRequestProperty("Proxy-Authorization", "Basic " + encoded); 

} 

connection.connect(); 

copyConnectionToFile(connection); 

} catch (IOException ex) { 

log("Failure accessing " + _src + ": " + ex.getMessage(), Project.MSG_ERR); 

}

i'm so bad expalining without code, but the base64 is a simple quest.


see the wikkipedia for knowing base64 format an encoder theory:

http://en.wikipedia.org/wiki/Base64



so best wishes!


AzRaEL
[NuKE] high council
www.crackenfind.net