Category: Software Design
Password Algorithm - A CHALLENGE!

I have a program I need to break into. The username and password are stored in a MS SQL table. I can access them easily through the enterprise management console to see the username and password fields. The username is stored in uppercase cleartext, the password is not. There is some sort of math that is applied to the password to come up with something incoherent.

I know the passwords of other users, and I was hoping it was going to be a basic look up table. A always equals Z or some such, but this doesn't seem to be the case.

My boss changed her password from what it was to "aaaaa" (no quotes). The password in the table then changed, but it changed to, ")3,.4". (Again, no quotes.)

You will see that if you have a 5 letter PW, the encrypted version will also be 5 letters. I found this to be true with all of the passwords that I know.

Another user's PW is "tequila" the encrypted version is, ">9>D>B,".

From what I can see, the characters available for the encryption are upper and lower case characters as well as numbers and symbols. I am curious if maybe it's the ASCII lookup table that they are using. A = 168 and such.

All help is greatly appreciated!

-Matt

Since you've posted the thread here, you might wanna delete the one in the General DB forum. It fits better here...

//NoXcuz

uh oh mathieu, with the one i answered to in the C forum, this makes at least three.

please don't cross-post here, delete all but one (edit the first message, check "delete", press "delete now").

And read the forum rules!

Thanks guys,
I will delete the other ones, I figured it would fit here best, but it didn't look like this forum got much action...

Not here to break rules, just trying to get coverage. :)

NoXcuz I'm trying to break the algorithm for two reasons, one because I'm interested in it, and two because I need the password of another user without them knowing it so I can track them through the system since they are doing things deemed as no-nos.

M. Hirsch, I would love to delete the other two posts, but when I click the edit button it tells me I don't have access...

Well, presumably you can't just look at the code that's making the password...
Got a few spare hours? Want to try brute force? You've got the number of characters in the password, so writing a program that tries everything that long until it matches the encrypted string shouldn't take that long.

Since the ethical aspects of this haven't been mentioned, you could also install a sniffer that logs keystrokes etc from the user(s). Then you'd just have to parse the logfiles...

//NoXcuz

well

since he is posting this question in algorithms forum not hacking forum I think he is asking about an algorithm used to either encrypt or decrypt those words, not about how to break into the system ..


AbuAnas

Can you start with something small (1 / 2 chars) and tabulate what the different characters possible in the password would correspond to in the lookup table?
See if this extends to more characters. Determine whether there is a one to one relationship between the unencrypted password and the encrypted one.

if the stored passwords are converted through a known algorithm before they are stored, you can use its decode function to get the real password.

but there are also known encryption algorithms that do not have a decode function. if it is that last then I don't think you can do anything. The same goes if the passwords are stored using the mysql password() function.
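
The one-way storage the last post refers to, as an added example that is not part of the thread: a salted PBKDF2-HMAC-SHA256 record built with Python's standard library, where the stored value has a fixed length and no decode function exists. The function names, the record format and the iteration count are assumptions made for this illustration; the sample passwords are the two quoted in the thread.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000   # assumed work factor for this example; tune to your hardware
SALT_BYTES = 16        # a fresh random salt per user


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record: pbkdf2_sha256$iterations$salt$digest."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "$".join([
        "pbkdf2_sha256",
        str(ITERATIONS),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    try:
        scheme, iterations, salt_b64, digest_b64 = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        derived = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations))
    except ValueError:
        # Malformed record: wrong field count, bad base64 or bad iteration count.
        return False
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    for pw in ("aaaaa", "tequila"):   # sample passwords quoted in the thread
        record = hash_password(pw)
        print(len(record), record, verify_password(pw, record))
```

Unlike the table described in the thread, the record length here does not follow the password length, and the same password stored twice yields two different records because each gets its own salt.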









