#1
    Password encryption


    I have a program I need to break into. The username and password are stored in a MS SQL table. I can access them easily through the enterprise management console to see the username and password fields. The username is stored in uppercase cleartext, the password is not. There is some sort of math that is applied to the password to come up with something incoherent.

    I know the passwords of other users, and I was hoping it was going to be a basic look up table. A always equals Z or some such, but this doesn't seem to be the case.

    My boss changed her password from what it was to "aaaaa" (no quotes). The password in the table then changed, but it changed to, ")3,.4". (Again, no quotes.)

    You will see that if you have a 5 letter PW, the encrypted version will also be 5 letters. I found this to be true with all of the passwords that I know.

    Another user's PW is "tequila" the encrypted version is, ">9>D>B,".

    From what I can see, the characters available for the encryption are upper and lower case characters as well as numbers and symbols. I am curious if maybe it's the ASCII lookup table that they are using. A = 168 and such.

    All help is greatly appreciated!

    -Matt
#2
    If "tequila" = ">9>D>B," then obviously the characters displayed are meaningless. The character ">" can't unencrypt to both "t", "q" and "i".

    Find out what the ASCII values of each of the letters are and maybe you can spot a pattern. If you're lucky, they didn't use a very sophisticated encryption algorithm.

    -- ASCII code of the character at each position; SUBSTRING takes (value, start, length)
    SELECT ASCII(SUBSTRING(fieldname, 1, 1)) FROM tablename
    SELECT ASCII(SUBSTRING(fieldname, 2, 1)) FROM tablename
    .
    .
    SELECT ASCII(SUBSTRING(fieldname, n, 1)) FROM tablename
#3
    i hope it is ok to post links like that, but here you go:

    http://astalavista.box.sk/cgi-bin/robot?srch=mssql

    disclaimer: i take no responsibility for this link. enter at your own risk. i don't ever visit this particular or related sites. i just remembered that i found it by accident on google one day.

    anyway, off-topic, so shame on you!

    to dcaillouet: two same chars can decrypt to different ones since their position could matter ;)

    ps. since we all are programmers, and you seem to have local access to the database, why not brute-force it? or get a dictionary text file and write a little program - didn't you watch hackers? :D
#4
    Since you have access to the database, would it be possible for you to run a command similar to the following:

    UPDATE tablename
    SET tablename.password = b.password
    FROM tablename, tablename b
    WHERE tablename.user = 'my boss'
    AND b.user = 'my co-worker'

    Depending on the algorithm used, your boss could then login using "tequila" because in the database she would have ">9>D>B," too. (I'm hoping in this case that the passwords are encrypted using some kind of fixed algorithm instead of one that uses a variable key).

    Just throwing out ideas...
#5
    I cross posted this in algorithms, and I tried to delete this here to stay within the rules, but it said I didn't have access to delete it.

    M. Hirsch I didn't think it was off topic if the algorithm may have been created in C or C++, so I think I'm ok...

    Please see this thread, I didn't think this would get as many replies as it did!

    Password Algorithm - A CHALLENGE!

    dcaillouet it was pretty obvious that it's not a look up table, when a second user changed their password to aaaaa the same password appeared, so I wonder if there is a lookup table with an offset to the position of the letter in the word. I will do more testing...
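
    Added example, not part of any post in this thread: the two properties reported above (the stored value is as long as the password, and two users who set "aaaaa" get the same stored value) are what a deterministic, unsalted encoding looks like. The sketch below flags both on constructed rows (placeholder usernames, stored values as quoted in the thread) and contrasts them with salted PBKDF2 from Python's standard library; `audit_rows`, `rehash_all` and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return salt||digest as hex: random per-user salt, one-way KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return (salt + digest).hex()

def verify_password(password, stored_hex, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    raw = bytes.fromhex(stored_hex)
    expected = hash_password(password, raw[:16], iterations)
    return hmac.compare_digest(expected, stored_hex)

def audit_rows(rows, known):
    """rows: {user: stored value}; known: {user: plaintext} for test accounts."""
    findings = []
    users_by_value = defaultdict(list)
    for user, stored in rows.items():
        users_by_value[stored].append(user)
    if any(len(users) > 1 for users in users_by_value.values()):
        findings.append("identical stored values across users (no per-user salt)")
    # Require two known accounts so a single length match is not over-read.
    if len(known) >= 2 and all(len(rows[u]) == len(p) for u, p in known.items()):
        findings.append("stored length tracks password length (encoding, not a hash)")
    return findings

# Constructed rows: usernames are placeholders, values are those quoted in the thread.
KNOWN = {"BOSS": "aaaaa", "USER2": "aaaaa", "USER3": "tequila"}
LEGACY_ROWS = {"BOSS": ")3,.4", "USER2": ")3,.4", "USER3": ">9>D>B,"}

def rehash_all(known, iterations=ITERATIONS):
    """Store the same test passwords with a fresh salt per user."""
    return {user: hash_password(pw, iterations=iterations) for user, pw in known.items()}

if __name__ == "__main__":
    print(audit_rows(LEGACY_ROWS, KNOWN))         # both findings
    print(audit_rows(rehash_all(KNOWN), KNOWN))   # no findings
```

    With per-user salts, copying one user's stored value into another row no longer reveals or reuses a shared password pattern across accounts, and equal passwords are not visible in the table.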
#6
    it IS off-topic. there is an algorithms forum and i think the lounge is a good place to discuss this too.

    it is off-topic because
    - this forum is about c programming
    - your question is not. at least not specifically. read thread #1 in this forum (labeled "sticky").
    - it really does not matter at all if the algorithm is made in c or not, any programming language and even paper and pen could do this.

    do you get the point?

    nevermind... :)
