hashcat Forum
Decrypting usenet headers, part 2 - Printable Version




Decrypting usenet headers, part 2 - Somnambulist - 02-08-2017

So the troll/spammer has changed to Google Groups and is using a VPN for the IP, but all posts have a "posting-account" header, which is encoded, and I was wondering if any of you guys could see what kind of format it is and how to possibly decode it?

Here are some examples:
  • VaXkVAoAAADbkEFbLXXJcNV34P1KTZKR
  • Vm0uAgoAAABvTYeieyl4GElbOkHDqJYr
  • v_2vHwoAAACkQKbseN841UEbqgaDTAQd

All seem to have an "AAA" part in them that feels like it is significant.


RE: Decrypting usenet headers, part 2 - royce - 11-19-2017

I'm not familiar with that specific header, but - just speculating - it looks like a proprietary encoding/encryption scheme. When specific ecosystems (like Google) insert such public headers for their own private use, it's likely that part of the scheme includes a private component that only they know.

Regardless, hashcat does not support attacking this header.
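
Added example (not part of either post, and not hashcat code): a format triage of the three values quoted in the first post, showing where the shared "AAA" run comes from. The function names are this example's own; it only decodes and compares bytes and makes no claim about how the value is generated.

```python
import base64
import string

# The three posting-account values quoted in the first post.
SAMPLES = [
    "VaXkVAoAAADbkEFbLXXJcNV34P1KTZKR",
    "Vm0uAgoAAABvTYeieyl4GElbOkHDqJYr",
    "v_2vHwoAAACkQKbseN841UEbqgaDTAQd",
]
ALNUM = set(string.ascii_letters + string.digits)

def guess_alphabet(values):
    """Name the base64 variant implied by the non-alphanumeric characters."""
    extra = set("".join(values)) - ALNUM - {"="}
    if extra and extra <= {"-", "_"}:
        return "base64url"
    if extra and extra <= {"+", "/"}:
        return "base64"
    return "ambiguous" if not extra else "unknown"

def decode(value):
    """Decode URL-safe base64, restoring any stripped '=' padding."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def constant_columns(blobs):
    """Return {offset: byte} for offsets holding the same byte in every blob."""
    width = min(len(b) for b in blobs)
    return {i: blobs[0][i] for i in range(width)
            if all(b[i] == blobs[0][i] for b in blobs)}

def triage(values):
    """Summarise alphabet, decoded lengths and byte columns shared by all values."""
    blobs = [decode(v) for v in values]
    return {
        "alphabet": guess_alphabet(values),
        "lengths": sorted({len(b) for b in blobs}),
        "constant": constant_columns(blobs),
    }

if __name__ == "__main__":
    report = triage(SAMPLES)
    print(report["alphabet"], report["lengths"])
    for offset, byte in report["constant"].items():
        print(f"offset {offset}: 0x{byte:02x}")
    for v in SAMPLES:
        print(decode(v).hex(" ", 4))   # grouped in 4-byte words
```

The run of "A" characters is the base64 spelling of the zero bytes at offsets 5 to 7; no other offset holds the same byte in all three samples.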