RE: Craking Serv-u passwords stored in .ini file.

From: Ferruh Mavituna (ferruh@mavituna.com)
Date: Wed Sep 01 2004 - 11:29:04 EDT

• Next message: Dimitrov, Constantin: "RE: Help Exploiting MQ"
• Previous message: DokFLeed.Net: "Re: listing directory structure within webserver root"
• In reply to: [Arcangel]: "Craking Serv-u passwords stored in .ini file."
• Next in thread: M. D.: "RE: Craking Serv-u passwords stored in .ini file."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Arc,

Add 2 random chars beginning of the password then chars + MD5Hash of
complete string

For example;

Pass is: tester
Random Characters: ax
Serv-u INI pass is: axEC246B60729AA9F32F23DB03A49A397F
MD5(axtester) = EC246B60729AA9F32F23DB03A49A397F

So you can try to "mdcrack" to crack MD5 or you can rainbow tables;

Best Regards;

Ferruh Mavituna
http://ferruh.mavituna.com
PGP Key: http://ferruh.mavituna.com/pgpkey.asc

> -----Original Message-----
> From: [Arcangel] [mailto:arcangel@phreaker.net]
> Sent: Tuesday, August 31, 2004 3:58 AM
> To: Pent-Test Security Focus
> Subject: Craking Serv-u passwords stored in .ini file.
>
> Hi list.
> Im looking the manner to crack users passwords stored in ServUDaemon.ini
> whit [Regular Password].
>
> Example:
>
> [USER=Arcangel|1]
> Password=at3764132C1E6D47317A784A22A31EF3E4
>
> Can you help me?
>
> Thx. Arc.
>
>
> --------------------------------------------------------------------------
> ----
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking course,
> learn to write exploits and attack security infrastructure. Attend a
> course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> --------------------------------------------------------------------------
> -----

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

• Next message: Dimitrov, Constantin: "RE: Help Exploiting MQ"
• Previous message: DokFLeed.Net: "Re: listing directory structure within webserver root"
• In reply to: [Arcangel]: "Craking Serv-u passwords stored in .ini file."
• Next in thread: M. D.: "RE: Craking Serv-u passwords stored in .ini file."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:02 EDT