0

so our company's CTO quit, and i replaced him and we need to change the system's passwords, however some passwords are encrypted in our database and i need to know what encryption to use in order to place new ones.

the encryption i am looking for is not base16-32-64. few examples:

12345678: qxha5ZeyN4w0TaEWSDSCNBNNC4Xlb9fg== root: Jxtf5LQJohE= admin: azOwKPoUYP4=

i tried Base encryption/decryption but i did not get the results either way http://online-calculators.appspot.com/base64/

any help is appreciated

thanks

hfiani
  • 1
  • 1
  • 2
    possible duplicate of [how to know which encryption is been used](http://security.stackexchange.com/questions/73335/how-to-know-which-encryption-is-been-used) – Milen Nov 27 '14 at 15:03
  • 2
    Are you trying to decrypt the passwords of your previous CTO? – Gudradain Nov 27 '14 at 15:45
  • 1
    ^ Something seems a bit odd – cutrightjm Nov 27 '14 at 16:10
  • You are confusing encoding, encrypting, and hashing. Where did you get those password strings? – schroeder Nov 27 '14 at 17:45
  • no guys, as my previous CTO left (there was a fight with our manager) he now have all of the passwords. the software that is using those passwords is not open source and unfortunately cannot be changed from it. and the company who did this software is no more (software is 8 years old). so we need to change those passwords. the examples given are passwords already in our database and i know them this is why i am trying to figure it out so i can put other more complex passwords. – hfiani Nov 28 '14 at 06:55

2 Answers2

1

Passwords in databases are rarely encrypted, they're hashed instead. Encryption is a reversible process - you can decrypt content, given that you know the encryption method and password. Hashing on the other hand, isn't a reversible process.

What you're looking at is not an encrypted password, but a hashed one.

On the question of replacing the password in your database - this is easy to do, you'll just need to use the same hashing algorithm, generate your own hashed entry, and store it in the database. Keep in mind also the fact that most hashing algorithms use salt.

I'd suggest posting the product name, or the system you're trying to change the passwords for, then we may be able to let you know how to change these passwords.

One thing is certain - it would be really hard to find out the original passwords from the hash (unless there's no salt, or something that exists in rainbow tables).

I've looked at it, it's most definitely a base64 encoded hash, the hash algorithm most probably being MD5 or similar. What you're doing wrong in your decoding is that you're trying to make sense of text data (which looks like garbage text and doesn't make sense), while you've got to look at the ASCII codes of each character instead. Look at the last text output field of http://www.hcidata.info/base64.htm You'll see 16 bytes (or 8 bytes) of ASCII hex codes. This is your target. Then look at the output generated by the various hashing algorithms: http://openwall.info/wiki/john/sample-hashes

Good luck!

Milen
  • 1,148
  • 6
  • 12
  • He basically asks what hashing algorithm is used, so he can replace the passwords with new ones. – Johannes Kuhn Nov 27 '14 at 14:11
  • Sure, but for someone that is not familiar with IT-Sec, a hash is just a form of encryption. Yes, there is a difference (you can't decrypt it), but that is not important here. – Johannes Kuhn Nov 27 '14 at 14:43
  • 1
    Milen - One of our rules: be polite! Or you will be suspended! – Rory Alsop Nov 28 '14 at 00:18
  • Sorry, got upset over something that in hindsight I shouldn't have :) – Milen Nov 28 '14 at 02:38
  • product is Chinese. i doubt that you know this product. an 8 years old chinese software that is done by a company that we longer have communication with, this is why i cannot get their support, and i need to change those passwords – hfiani Nov 28 '14 at 07:08
  • Is it a web based system, or is it a standalone application? Does it run on Windows or Linux? There are hundreds of things you can do to solve this little puzzle, depending on what and how does it run - from simply looking at the source code or DLLs, through tracing calls, reverse engineering it (e.g. Hex Rays IDA, or gdb). The more information you provide, the more we can help! – Milen Nov 28 '14 at 11:40
1

The first one seems pretty weird. If we remove the two ending '=' of the first one, It seems to me it would be a base64 encoding of an encryption of the password using a block cipher that has 64bit-long blocks.

Since I don't see anything looking like an IV, my guess is it is using an ECB mode.

Furthermore (I am still guessing), the adobe leak that occurred a bit more than a year ago was using a similar system : a 3DES-EBC encryption of the non-salted password that was then encoded using base64. Maybe the old CTO used the same mechanism.

(This is, I believe a bad way to store passwords, by the way)

I'd say you'd have more luck by trying to look into the code that is verifying the password, to see how the check is performed. You should see the used algorithms in the code. If you can find that part, of course.

Aniem
  • 186
  • 4
  • i tried all kinds of encodings/encryptions i can think of, sha1 md5 baseXY.... none seem to get me into the same strings i already have and know that work – hfiani Nov 28 '14 at 06:58
  • You are trying encodings and hashes. I am willing to bet this is an encryption algorithm (Probably 3DES-ECB followed by base64), which requires a key. – Aniem Nov 28 '14 at 07:07
  • yeah meanwhile i looked to what you said. if so how is it possible to get this key? i bet it is almost impossible yes? – hfiani Nov 28 '14 at 07:09
  • Find the software that is used for testing the passwords on your system, and look into it (source code, config files). You'll find the algorithms used and the keys (if some are there) – Aniem Nov 28 '14 at 07:32
  • this is my problem, i reached the limits of my resources, i tried to find stuff inside the config files, but all i can find is more encrypted stuff (same encryption) i am trying now to make an encoding followed by an encryption, (so far i tried md5 then base64, and base64 then base64) but nothing so far worked for me. – hfiani Nov 28 '14 at 07:42