Betr.: Craking Serv-u passwords stored in .ini file.

From: Philip Wagenaar (p.wagenaar@accon.nl)
Date: Wed Sep 01 2004 - 04:24:42 EDT


Hi,

Looks to me that the password is stored using a hash. This means you would have to use Serv-u's hasing method with a dictonary attack.

Met vriendelijke groet,

Philip Wagenaar
Junior Projectleider ICT

AccoN Accountants & Adviseurs
ICT Project Bureau
Postbus 5090
6802 EB Arnhem
The Netherlands

tel. +31 (0)26-3842384
fax. +31 (0)26-3630222
mobile: +31 (0)6-25388935
MSN/E-mail: p.wagenaar@accon.nl
Yahoo: philip_wagenaar
http://www.accon.nl

>>> "[Arcangel]" <arcangel@phreaker.net> 31-08-04 02:57 >>>
Hi list.
Im looking the manner to crack users passwords stored in ServUDaemon.ini
whit [Regular Password].

Example:

[USER=Arcangel|1]
Password=at3764132C1E6D47317A784A22A31EF3E4

Can you help me?

Thx. Arc.

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

##################################################################

Dit e-mailbericht is uitsluitend bestemd voor de geadresseerde.
De informatie hierin is vertrouwelijk, zodat het derden niet is
toegestaan om daarvan kennis te nemen of dit te verstrekken aan
andere derden. Indien u dit e-mail bericht ontvangt terwijl het
niet voor u bestemd is, verzoeken wij u contact op te nemen met
de afzender en de informatie te verwijderen van iedere computer.
Bij voorbaat dank.

==================================================================

The information transmitted in this e-mail is intended only for
the person or entity to which it is addressed and contains
confidential information. Any review, retransmission or other
use by persons or entities other than the intended recipient is
prohibited. If you received this in error, please contact the
sender and delete the material from any computer. Thank you.

##################################################################

#####################################################################################
This e-mail message has been scanned for Viruses and Content and cleared
by MailMarshal
#####################################################################################

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:02 EDT