 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| |
|
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9145
 People Online:
 Visitors: 529
 Members: 0
 Total: 529
|
|
|
|
|
|
PacketStorm News |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
shadow or .PWD file |
|
 Posted: Wed Jan 12, 2005 6:36 am |
 |
|
| Injector |
| Active user |
 |
| |
| Joined: Dec 29, 2004 |
| Posts: 49 |
|
|
|
 |
|
 |
|
when i got inside a site i saw file like "shadow and .PWD file"
like: "injector:asdaseaewa:::..."
Does that mean that that is the password?and if so can it be decrypted or unhashed. I tried decrypting it using cain but it doesnt seem to recognise it. Cain only decrypts PWL and MD5 |
|
|
|
|
| Posted: Wed Jan 12, 2005 12:57 pm |
|
|
| ReFleX |
| Active user |
|
| |
| Joined: Nov 05, 2004 |
| Posts: 39 |
| Location: ARGENTINA! |
|
|
|
|
|
|
ok injector... I think it's a password file BUT to now in what system is encrypted and for what is that password you have to say the name of the file. Is it's a linux password you should try to use John The Ripper. This soft detects automaticaly whats encryption system uses
hope I could help |
|
|
|
|
| Posted: Wed Jan 12, 2005 8:56 pm |
|
|
| waraxe |
| Site admin |
 |
| |
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| Please give more details - what is file name and post some sample fragment from file. |
|
|
|
|
|
|
|
|
| Posted: Thu Jan 13, 2005 6:39 am |
|
|
| Injector |
| Active user |
|
| |
| Joined: Dec 29, 2004 |
| Posts: 49 |
|
|
|
|
|
|
|
E.g: wayback:QEMMvo4bg0S4w
When i got that file I thought it was .PWL file cause it looks like the ones on unix server hacking tutorials but when i tried to decrypt it using cain it wont work. What kind of encryption is it?
And yeah i was also having some read access to some emails and they were encrypted in some sort like one email is something like this:
ASHGGASHBUYWBDNUDNWUYNDWUYNYUWDNDNWUYNDWUN
DWIUNDUWINDUIWNDIUNWIUDNWIUNDWUINDUWINDUIWWI
ASIUQHSUIQNSIQSMKMFDUHFYUHSDYUWNEIWNEUIWNUIWQI
ASIUNIUDFNWUINDUIWNUNENIZJSIZNUSNANSAIUNSUANSSN
ASHGGASHBUYWBDNUDNWUYNDWUYNYUWDNDNWUYNDWUN
DWIUNDUWINDUIWNDIUNWIUDNWIUNDWUINDUWINDUIWWI
ASIUQHSUIQNSIQSMKMFDUHFYUHSDYUWNEIWNEUIWNUIWQI
ASIUNIUDFNWUINDUIWNUNENIZJSIZNUSNANSAIUNSUANSSN
ASHGGASHBUYWBDNUDNWUYNDWUYNYUWDNDNWUYNDWUN
DWIUNDUWINDUIWNDIUNWIUDNWIUNDWUINDUWINDUIWWI
ASIUQHSUIQNSIQSMKMFDUHFYUHSDYUWNEIWNEUIWNUIWQI
ASIUNIUDFNWUINDUIWNUNENIZJSIZNUSNANSAIUNSUANSSN
ASHGGASHBUYWBDNUDNWUYNDWUYNYUWDNDNWUYNDWUN
DWIUNDUWINDUIWNDIUNWIUDNWIUNDWUINDUWINDUIWWI
ASIUQHSUIQNSIQSMKMFDUHFYUHSDYUWNEIWNEUIWNUIWQI
ASIUNIUDFNWUINDUIWNUNENIZJSIZNUSNANSAIUNSUANSSN
Is that a PGP or something. I saw it when i was trying to view neomail in the server remotely. Is there any way that can be decrypted? |
|
|
|
|
|
|
|
|
| Posted: Thu Jan 13, 2005 11:54 am |
|
|
| ReFleX |
| Active user |
|
| |
| Joined: Nov 05, 2004 |
| Posts: 39 |
| Location: ARGENTINA! |
|
|
|
|
|
|
| could you give more info... like whats the FILENAME and in what directory did you find it??? |
|
|
|
|
| Posted: Thu Jan 13, 2005 4:37 pm |
|
|
| Injector |
| Active user |
|
| |
| Joined: Dec 29, 2004 |
| Posts: 49 |
|
|
|
|
|
|
|
I saw it on directory "_vti_pvt"
Having a filename of "service.pwd" |
|
|
|
|
| Posted: Thu Jan 13, 2005 4:51 pm |
|
|
| ReFleX |
| Active user |
|
| |
| Joined: Nov 05, 2004 |
| Posts: 39 |
| Location: ARGENTINA! |
|
|
|
|
|
|
O.. you really could start from there  It's the password for FRONT PAGE EXTENSIONS, search a cracker.. i really dont know what programs cracks front page password. |
|
|
|
|
|
|
|
|
| Posted: Fri Jan 14, 2005 10:07 pm |
|
|
| waraxe |
| Site admin |
|
| |
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
This hash is 13 chars long, seems like DES hash.
Look at here
http://neworder.box.sk/newsread_print.php?newsid=3910
to see good tutorial about exlpoiting FrontPage Extensions.
Citate from that article:
| Quote: |
Here's what I normally would do if I would crack a Standard DES encrypted password file:
I would start with this command in the JtR:
john -single c:\\mypasswordfile.pwd
This command tries to crack the encryption (the Password) with the Username. If this command doesn't crack the password (which in most cases not), I would try with some rules (read the texts shipped with JtR for more info) or issue this command:
john -i c:\\mypasswordfile.pwd
This command would do something called Increasing, meaning it would try to crack with all possible characters/combinations (if I recall) starting from a to z, then ab to z and so on. This command is a bit time consuming, but in most cases you'll get your Password cracked. Imagine a Password like: ZZ#S)2:-_!#S
|
So it's John The Ripper time  |
|
|
|
|
|
|
|
|
| Posted: Fri Jan 14, 2005 10:14 pm |
|
|
| waraxe |
| Site admin |
|
| |
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
One more thing - so called "Google Hack". Lets try this:
http://www.google.com/search?hl=et&q=%22Index+of%22+%22service.pwd%22&lr=
and we get LOTS of interesting stuff. Lets look at 3-rd position:
| Quote: |
Index of /nsfc/cen/00/kxb/hxb/_vti_pvt
Index of /nsfc/cen/00/kxb/hxb/_vti_pvt. ... K service.cnf 20-Mar-2003 14:02 1.5K
service.grp 20-Mar-2003 14:02 51 service.lck 20-Mar-2003 14:02 0 service.pwd 20- ...
www.nsfc.gov.cn/nsfc/cen/00/kxb/hxb/_vti_pvt/ - 4k
|
And we see:
| Quote: |
# -FrontPage-
huangbs:2o7hEEnSrInTY
|
By looking at domain name we see, that its some kind of Chinese Govermental server  OMG  |
|
|
|
|
| Posted: Sat Jan 15, 2005 12:33 am |
|
|
| Injector |
| Active user |
|
| |
| Joined: Dec 29, 2004 |
| Posts: 49 |
|
|
|
|
|
|
|
| thanks dude your da man |
|
|
|
|
| Posted: Sun Jan 16, 2005 5:30 pm |
|
|
| hacklibya |
| Beginner |
|
| |
| Joined: Jan 16, 2005 |
| Posts: 1 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Sun Jan 16, 2005 6:13 pm |
|
|
| mateusz |
| Regular user |
|
| |
| Joined: Dec 05, 2004 |
| Posts: 17 |
| Location: Poland |
|
|
|
|
|
|
|
|
|
|
|
exploits |
|
| Posted: Tue Jan 18, 2005 8:13 pm |
|
|
| cause |
| Beginner |
 |
| |
| Joined: Jan 18, 2005 |
| Posts: 1 |
|
|
|
|
|
|
|
 sup i have a few things i would like to ask i been exploiting for alittle while now but all i can do is use the search and journal and the search doesnt work i need something that will get me in nomatter what so if there is any exploits out that could help me could you let me know |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
[/b]