help identify algo from kerio connect
#5
These D3S values are certainly encrypted, obfuscated or both. Why?
[Image: sLZj.png]

The authentication mechanisms APOP, CRAM-MD5 and DIGEST-MD5 all have something in common: The server has to know the password.
Still not convinced? As soon as you use the "strongly secure SHA format" (more on this later), the flag isPasswordReversible is set to false.

[Image: sLZp.png]

This means that by default it is true and therefore the password is reversible.
I do not know the details, but here are some interesting observations.
1. When I set the same password (123456) I get the same static suffix:
Code:
D3S:32fc936ccfab2e3fc7bdbbd8895dcaecf0cdb947f0ff2757
D3S:c36e4be2280fa230aa5d4a9de5aef11af0cdb947f0ff2757

2. It changes when using another password, but across multiple accounts it stays the same. For example, with the password set to 1234567:
Code:
D3S:10b2f2db66669ef03c39d1f2cdfaf835824e3e787e1f3307
D3S:7214614a6b3fc1932fd98c8404118268824e3e787e1f3307

3. The output size depends on the password length. Password: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA (32x A)
Code:
D3S:8742ddf7db1906c5d54ec948c500e587adfa4447eff8dc42adfa4447eff8dc42adfa4447eff8dc4298558bad76110b35
D3S:2962f547d408925a8948beccd54c660aadfa4447eff8dc42adfa4447eff8dc42adfa4447eff8dc4298558bad76110b35
Notice that the pattern adfa4447eff8dc repeats three times. This points in the direction of a block cipher with a block size of 8 bytes. So, like DanielG mentioned, DES or 3DES is highly likely.


Now, coming back to the SHA hashes: they have the "SHA:" prefix, e.g.
Code:
SHA:9deb9254021335cf21e6aa91b568657b8e3b30ee92acab5aa44f0ac3

The algorithm used is PBKDF2-HMAC-SHA1 with 10000 iterations, and that is already supported by hashcat.
The first 16 hex chars are the salt and the rest is the hash. Here are some lines of Python to format the hashes for hashcat.
Code:
#!/usr/bin/env python3

import base64
import sys

for line in sys.stdin:
    line = line.strip()
    if not line:
        continue
    if line.startswith("SHA:"):
        line = line[4:]
    # first 16 hex chars (8 bytes) are the salt, the remaining 40 are the PBKDF2-HMAC-SHA1 output
    salt = base64.b64encode(bytes.fromhex(line[:16])).decode()
    digest = base64.b64encode(bytes.fromhex(line[16:])).decode()
    print("sha1:10000:%s:%s" % (salt, digest))
See it in action
Code:
$ echo 9deb9254021335cf21e6aa91b568657b8e3b30ee92acab5aa44f0ac3 | ./format.py
sha1:10000:neuSVAITNc8=:IeaqkbVoZXuOOzDukqyrWqRPCsM=
$ echo 123456 | ./hashcat --quiet -m 12000 sha1:10000:neuSVAITNc8=:IeaqkbVoZXuOOzDukqyrWqRPCsM=
sha1:10000:neuSVAITNc8=:IeaqkbVoZXuOOzDukqyrWqRPCsM=:123456

Now, the interesting part is that for every user there's a password history saved in users.cfg which uses this algorithm.
And when you create a new user, the first entry in the password history is also the current password.
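
The block-level analysis of the D3S values and the hashcat conversion of the SHA values, as one added example that is not part of the post above and not Kerio's code. It takes the D3S and SHA strings quoted in the post, splits the D3S ciphertext into 8-byte blocks, reports blocks that repeat inside one value (the ECB tell-tale behind observation 3) and blocks shared between two accounts with the same password (observations 1 and 2), and formats the SHA value the way hashcat -m 12000 expects. verify_sha recomputes PBKDF2-HMAC-SHA1 with Python's hashlib the same way hashcat does, so if the crack shown above is right it returns True for 123456. The function and variable names are my own; the prefixes, salt length and iteration count are taken from the post.

```python
#!/usr/bin/env python3
"""Inspect the two credential formats from the post: D3S: blobs (block-cipher
ciphertext) and SHA: values (PBKDF2-HMAC-SHA1 with an 8-byte salt)."""
import base64
import hashlib
import hmac

BLOCK_SIZE = 8  # DES / 3DES block size in bytes

# Sample values quoted from the forum post (two accounts per password).
D3S_123456 = ["D3S:32fc936ccfab2e3fc7bdbbd8895dcaecf0cdb947f0ff2757",
              "D3S:c36e4be2280fa230aa5d4a9de5aef11af0cdb947f0ff2757"]
D3S_32A = ["D3S:8742ddf7db1906c5d54ec948c500e587adfa4447eff8dc42adfa4447eff8dc42adfa4447eff8dc4298558bad76110b35",
           "D3S:2962f547d408925a8948beccd54c660aadfa4447eff8dc42adfa4447eff8dc42adfa4447eff8dc4298558bad76110b35"]
SHA_123456 = "SHA:9deb9254021335cf21e6aa91b568657b8e3b30ee92acab5aa44f0ac3"


def strip_prefix(value, prefix):
    """Drop a 'D3S:' / 'SHA:' tag if present and return the bare hex string."""
    return value[len(prefix):] if value.startswith(prefix) else value


def d3s_blocks(value, block_size=BLOCK_SIZE):
    """Split a D3S ciphertext into hex strings of one cipher block each."""
    raw = bytes.fromhex(strip_prefix(value, "D3S:"))
    if len(raw) % block_size:
        raise ValueError("ciphertext length is not a multiple of the block size")
    return [raw[i:i + block_size].hex() for i in range(0, len(raw), block_size)]


def repeated_blocks(value, block_size=BLOCK_SIZE):
    """Map every block that occurs more than once to the indices where it occurs.
    Identical ciphertext blocks from identical plaintext blocks are the ECB tell-tale."""
    positions = {}
    for idx, block in enumerate(d3s_blocks(value, block_size)):
        positions.setdefault(block, []).append(idx)
    return {b: idxs for b, idxs in positions.items() if len(idxs) > 1}


def common_blocks(value_a, value_b, block_size=BLOCK_SIZE):
    """Block positions at which two ciphertexts agree, e.g. two accounts with the
    same password: the differing leading blocks are per-account, the shared tail is not."""
    a, b = d3s_blocks(value_a, block_size), d3s_blocks(value_b, block_size)
    return [(i, x) for i, (x, y) in enumerate(zip(a, b)) if x == y]


def split_sha(value):
    """Return (salt, digest) as bytes: first 16 hex chars are the salt, the rest the hash."""
    raw = strip_prefix(value, "SHA:")
    return bytes.fromhex(raw[:16]), bytes.fromhex(raw[16:])


def sha_to_hashcat(value, iterations=10000):
    """Format a SHA: value for hashcat -m 12000 (sha1:<iter>:<b64 salt>:<b64 hash>)."""
    salt, digest = split_sha(value)
    return "sha1:%d:%s:%s" % (iterations,
                              base64.b64encode(salt).decode(),
                              base64.b64encode(digest).decode())


def verify_sha(value, password, iterations=10000):
    """Recompute PBKDF2-HMAC-SHA1 for a candidate password and compare in constant time."""
    salt, digest = split_sha(value)
    candidate = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations, dklen=len(digest))
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("repeated blocks (32 x A):", repeated_blocks(D3S_32A[0]))
    print("shared blocks, two accounts, 123456:", common_blocks(*D3S_123456))
    print("shared blocks, two accounts, 32 x A:", common_blocks(*D3S_32A))
    print("hashcat line:", sha_to_hashcat(SHA_123456))
    print("PBKDF2 check with 123456:", verify_sha(SHA_123456, "123456"))
```

For the 32 x A value the first two blocks differ between the two accounts while blocks 2 to 5 are identical, and block adfa4447eff8dc42 occurs three times within a single value; for 123456 only the last block is shared. That is the pattern of an 8-byte block cipher in ECB mode, consistent with the DES/3DES guess above, although the script makes no attempt to identify the key or the layout of the per-account prefix.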


Messages In This Thread
help identify algo from kerio connect - by misha - 06-12-2018, 12:41 PM
RE: help identify algo from kerio connect - by hops - 06-13-2018, 03:03 PM