06-25-2015, 10:52 PM
TeamSpeak Hash?
|
06-26-2015, 12:14 AM
(06-25-2015, 10:52 PM)radix Wrote: https://www.teamspeak-connection.de/Thre...t-aendern/ This is correct for server query accounts, however does not work for channel passwords. Perhaps the channel name is used as a salt?
06-26-2015, 12:30 AM
The irritating thing about all of this is the fact that each server query password is 8 characters long and could possibly include a capitalized, unzapitalized letter and a possibly numbers. It'd take me 250+ days on my humble 660 to check the combinations
okay I investigated this a little bit and indeed there are 2+ hashing algorithms used for teamspeak, the one for the server query password was already mentioned above so I will skip that now (it is just base64 (sha1 ($pass))).
the hashing algorithm for teamspeak's channel passwords is salted indeed, the input we need: algo = base64 (sha1 (base64 (sha1 ($pass)) . $salt)) pass = user defined password choosen when creating a new channel salt = each server has a unique salt that you need to get from the server database (e.g. ts3server.sqlitedb), i.e. the whole virtualserver_keypair value from the server_properties table (what is definitely not true is that the channel password depends on the channel name or other inputs/values not mentioned above) Example: pass = "hashcat" salt = "MG4DAgeAAgEgAiAKrFgEtih8Habhz0R7/ABdUPrD3Mg6kM1EFkN+PBUlVgIgEDoi+WeI31fiIi8XxT+H6hIdjTnw0RmOaCrUp+ISdJUCIQDvUMFtXGDKY7OI1AySeiA16fJBSSjp1Ie4aEFhikbd+A==" algo = base64 (sha1 (base64 (sha1 ($pass)) . $salt)) how to generate the hash: Code: $ # sha1 of password this LKDnlLWPjwK30Ua8UfJSEuVhYR4= hash matches exactly with the channel_password value found in the channel_properties table from the ts3server database (ts3server.sqlitedb for instance), which will be "inserted" when a user creates a new channel or "updated" if a user changes the channel password Some further notes: - this algorithm is not yet implemented in oclHashcat (if you want that devs implement it you need to open a trac ticket for it) - salt length (and overall length) is very long and might therefore not allow several optimizations that oclHashcat normally can do when it comes to sha1 hashing I'm not sure if all of this info was already discovered somewhere and made public. I only know that it was very easy to find out how it works by looking at the database etc and make educated guesses. Hope this helps @chickin: now please try yourself with your "123" password example and confirm that these steps work for you too (I can't because I don't have your salt and brute-forcing the salt is of course infeasible and a waste of time and other resources). attention: if you copy-paste text from the code section above be warned that forum posts contain zero-width spaces to make the posts easier readable (and to break the lines somewhere), remove them if you want to try the example (otherwise you might get different results) |
« Next Oldest | Next Newest »
|