05-23-2014, 08:16 AM
In the course of an engagement, I managed to get into the database of HP OpenView Operations. The database stores the user passwords in some form of hashed or encrypted format. At first, I thought it was a SHA-1, since it was 40 hex characters long. But after hours of no passwords (which was highly unlikely given the other passwords I had already cracked on this domain), I decided to take a closer look. I get the sense HP is doing some custom thing with there. The total hash is 16 hex characters, followed by the characters "C200", followed by another 20 hex characters. Without fail, every one of the hashes has the characters "C200" as the 17th through 20th characters.
Has anyone seen this before or have any idea what HP is doing?
Has anyone seen this before or have any idea what HP is doing?