EvilZone

Hacking and Security => Hacking and Security => : JacobTheArbiter May 01, 2012, 07:41:54 AM

: How is this encrypted
: JacobTheArbiter May 01, 2012, 07:41:54 AM

Hi again Evilzone
I just posted a few days ago to do with how i found the school admins password and I wanted to keep a backdoor open for access at any time
I explain it more elequently here
http://evilzone.org/hacking-and-security/school-network-got-the-admin's-password/ (http://evilzone.org/hacking-and-security/school-network-got-the-admin's-password/)
 
I have made quite a lot of headway on this project but I have found something else, a .yaml file with many Usernames and passwords in it, the issue is that im not sure how it is encrypted i was wondering if you could have a look at it for me and tell me how to decrypt it
any help would be greatly appreciated
 
by the way i know it says sha2 but apparently this string is too small for sha2
also i have tried base64 but that didnt work for me
 
as I said any help is greatly appreciated
 
---
- _sha2_: 8b443458a9393e8485fc96b031a7afab4e0bd7a9
- admin:
    :device:
    :login: admin
    :p: 18lP97fHBJZkQjJDEuImpA==
    :type: snmp
  Administrator:
    :device:
    :login: Administrator
    :p: ZZoIM/eAO8vEU6tCzCZx+tXU41qWvOBevuUxiH5XXWY=
    :type: wmi
  Cisco:
    :device:
    :login: root
    :p: BjrmO0lvEh5zTixRGbSrgQ==
    :type: http
  esx admin:
    :device:
    :login: root
    :p: k/Msj0boNfFoNtN5EQ3fGA==
    :type: esx
  esx root:
    :device:
    :login: root
    :p: 9XNI6SKSBfhN0kYyF92SgA==
    :type: esx
  local admin:
    :device:
    :login: Administrator
    :p: DiyCFf2mKrtB+LureWB0nQ1QDouxzkordtT1s1yio0A=
    :type: wmi
  localadmin:
    :device:
    :login: localadmin
    :p: /T9g/pXqd2v3eqdilhZVWNgtLhJaay4RcFV8ZO06ems=
    :type: ssh
  mac local admin:
    :device:
    :login: localadmin
    :p: SMEgTRIXBooP1FeRrcrSOA3eta/DbhskLdDDK2tFhv8=
    :type: ssh
  None:
    :device:
    :login: Will Not Try WMI
    :p: PJ19x19hPduZyth8V5O3vCLqt62GpH1KAd0H3f8avPU=
    :type: wmi
  Public:
    :device:
    :login: public
    :p: 1G+iFdT5x+WDmzv+6cQyag==
    :type: snmp
  schadm:
    :device:
    :login: schadm
    :p: Csc42VzYSe4oYV84aZM+5w==
    :type: wmi
 
Thanks guys :)

: Re: How is this encrypted
: JacobTheArbiter May 01, 2012, 07:44:01 AM

I also found this
 
CytJYo8ttT5bkOfhEBjWRQJFyEopywcE
 
In a file called secret.txt
 
any ideas guys?

: Re: How is this encrypted
: Z3R0 May 01, 2012, 11:30:27 AM

They're all encoded with Base64, and when decoded they all come back as binary data. Give me some more time and I'll see if I can do anything else.

EDIT: This is a hexdump of the binary I got from the secret.txt

:

2b0b62492d8f3eb5905be1e7181045d645024ac8cb290407Your guess is as good as mine, but if it is a hash, there are only two algorithms that spit out a 24-byte digest, and that is Haval-192, and Tiger, but I highly doubt it's either of those.

: Re: How is this encrypted
: JacobTheArbiter May 01, 2012, 01:54:29 PM

wow thanks a lot for such a detailed answer :)
i didnt expect that
and trust me, your guess is much better than mine :P