odd md5 hash

The fear of every surveillance society: citizens protecting their own privacy with strong cryptography

odd md5 hash

Post by ChaosXIII on Sun Mar 14, 2010 6:25 pm
([msg=36739]see odd md5 hash[/msg])

I am pen testing a network at the request of admins. The website is used by students and teachers to manage grades at a school. The admins asked me to test if it was possible to breach so i went about my business but i have ran into a wall.

The local network at the school has mac spoofing enabled, so i spoofed the mac address of an already enrolled computer onto my net book. Once i was connected i ran an nmap scan and found a suitable victim (me on another pc, dont wanna damage people). Arpspoofed the client and ran sslstrip. Typed in the info on the victim pc and logged in. went to my laptop and checked the sslstrip log. i was presented with this:

Code: Select all
2010-03-11 20:31:32,980 SECURE POST Data (powerschool.avhsd.org):
pstoken=13137&account=413872&pw=aeb42c6eb3f25c8020d7e3b70463f610&x=36&y=11



I was surprised that it wasn't plain text. It appears as if it is md5. But md5 is the same every time and each login attempt results in a different password. I tried using rainbow tables to decrypt the md5 but it was no use. Its just not a normal md5. each time its different has a different pstoken.

I found the java script file the was the culprit of the encryption.

Code: Select all
/*
2 * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
3 * Digest Algorithm, as defined in RFC 1321.
4 * Version 2.1 Copyright (C) Paul Johnston 1999 - 2002.
5 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
6 * Distributed under the BSD License
7 * See http://pajhome.org.uk/crypt/md5 for more info.
8 */
9
10/*
11 * Key populated on page.
12 */
13var pskey = null;
14
15/*
16 * Configurable variables. You may need to tweak these to be compatible with
17 * the server-side, but the defaults work in most cases.
18 */
19var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */
20var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */
21var chrsz = 8; /* bits per input character. 8 - ASCII; 16 - Unicode */
22
23/*
24 * These are the functions you'll usually want to call
25 * They take string arguments and return either hex or base-64 encoded strings
26 */
27function hex_md5(s){ return binl2hex(core_md5(str2binl(s), s.length * chrsz));}
28function b64_md5(s){ return binl2b64(core_md5(str2binl(s), s.length * chrsz));}
29function str_md5(s){ return binl2str(core_md5(str2binl(s), s.length * chrsz));}
30function hex_hmac_md5(key, data) { return binl2hex(core_hmac_md5(key, data)); }
31function b64_hmac_md5(key, data) { return binl2b64(core_hmac_md5(key, data)); }
32function str_hmac_md5(key, data) { return binl2str(core_hmac_md5(key, data)); }
33
34/*
35 * Perform a simple self-test to see if the VM is working
36 */
37function md5_vm_test()
38{
39 return hex_md5("abc") == "900150983cd24fb0d6963f7d28e17f72";
40}
41
42/*
43 * Calculate the MD5 of an array of little-endian words, and a bit length
44 */
45function core_md5(x, len)
46{
47 /* append padding */
48 x[len >> 5] |= 0x80 << ((len) % 32);
49 x[(((len + 64) >>> 9) << 4) + 14] = len;
50
51 var a = 1732584193;
52 var b = -271733879;
53 var c = -1732584194;
54 var d = 271733878;
55
56 for(var i = 0; i < x.length; i += 16)
57 {
58 var olda = a;
59 var oldb = b;
60 var oldc = c;
61 var oldd = d;
62
63 a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);
64 d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586);
65 c = md5_ff(c, d, a, b, x[i+ 2], 17, 606105819);
66 b = md5_ff(b, c, d, a, x[i+ 3], 22, -1044525330);
67 a = md5_ff(a, b, c, d, x[i+ 4], 7 , -176418897);
68 d = md5_ff(d, a, b, c, x[i+ 5], 12, 1200080426);
69 c = md5_ff(c, d, a, b, x[i+ 6], 17, -1473231341);
70 b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983);
71 a = md5_ff(a, b, c, d, x[i+ 8], 7 , 1770035416);
72 d = md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417);
73 c = md5_ff(c, d, a, b, x[i+10], 17, -42063);
74 b = md5_ff(b, c, d, a, x[i+11], 22, -1990404162);
75 a = md5_ff(a, b, c, d, x[i+12], 7 , 1804603682);
76 d = md5_ff(d, a, b, c, x[i+13], 12, -40341101);
77 c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290);
78 b = md5_ff(b, c, d, a, x[i+15], 22, 1236535329);
79
80 a = md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510);
81 d = md5_gg(d, a, b, c, x[i+ 6], 9 , -1069501632);
82 c = md5_gg(c, d, a, b, x[i+11], 14, 643717713);
83 b = md5_gg(b, c, d, a, x[i+ 0], 20, -373897302);
84 a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691);
85 d = md5_gg(d, a, b, c, x[i+10], 9 , 38016083);
86 c = md5_gg(c, d, a, b, x[i+15], 14, -660478335);
87 b = md5_gg(b, c, d, a, x[i+ 4], 20, -405537848);
88 a = md5_gg(a, b, c, d, x[i+ 9], 5 , 568446438);
89 d = md5_gg(d, a, b, c, x[i+14], 9 , -1019803690);
90 c = md5_gg(c, d, a, b, x[i+ 3], 14, -187363961);
91 b = md5_gg(b, c, d, a, x[i+ 8], 20, 1163531501);
92 a = md5_gg(a, b, c, d, x[i+13], 5 , -1444681467);
93 d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784);
94 c = md5_gg(c, d, a, b, x[i+ 7], 14, 1735328473);
95 b = md5_gg(b, c, d, a, x[i+12], 20, -1926607734);
96
97 a = md5_hh(a, b, c, d, x[i+ 5], 4 , -378558);
98 d = md5_hh(d, a, b, c, x[i+ 8], 11, -2022574463);
99 c = md5_hh(c, d, a, b, x[i+11], 16, 1839030562);
100 b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);
101 a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060);
102 d = md5_hh(d, a, b, c, x[i+ 4], 11, 1272893353);
103 c = md5_hh(c, d, a, b, x[i+ 7], 16, -155497632);
104 b = md5_hh(b, c, d, a, x[i+10], 23, -1094730640);
105 a = md5_hh(a, b, c, d, x[i+13], 4 , 681279174);
106 d = md5_hh(d, a, b, c, x[i+ 0], 11, -358537222);
107 c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979);
108 b = md5_hh(b, c, d, a, x[i+ 6], 23, 76029189);
109 a = md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487);
110 d = md5_hh(d, a, b, c, x[i+12], 11, -421815835);
111 c = md5_hh(c, d, a, b, x[i+15], 16, 530742520);
112 b = md5_hh(b, c, d, a, x[i+ 2], 23, -995338651);
113
114 a = md5_ii(a, b, c, d, x[i+ 0], 6 , -198630844);
115 d = md5_ii(d, a, b, c, x[i+ 7], 10, 1126891415);
116 c = md5_ii(c, d, a, b, x[i+14], 15, -1416354905);
117 b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055);
118 a = md5_ii(a, b, c, d, x[i+12], 6 , 1700485571);
119 d = md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606);
120 c = md5_ii(c, d, a, b, x[i+10], 15, -1051523);
121 b = md5_ii(b, c, d, a, x[i+ 1], 21, -2054922799);
122 a = md5_ii(a, b, c, d, x[i+ 8], 6 , 1873313359);
123 d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);
124 c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380);
125 b = md5_ii(b, c, d, a, x[i+13], 21, 1309151649);
126 a = md5_ii(a, b, c, d, x[i+ 4], 6 , -145523070);
127 d = md5_ii(d, a, b, c, x[i+11], 10, -1120210379);
128 c = md5_ii(c, d, a, b, x[i+ 2], 15, 718787259);
129 b = md5_ii(b, c, d, a, x[i+ 9], 21, -343485551);
130
131 a = safe_add(a, olda);
132 b = safe_add(b, oldb);
133 c = safe_add(c, oldc);
134 d = safe_add(d, oldd);
135 }
136 return Array(a, b, c, d);
137
138}
139
140/*
141 * These functions implement the four basic operations the algorithm uses.
142 */
143function md5_cmn(q, a, b, x, s, t)
144{
145 return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b);
146}
147function md5_ff(a, b, c, d, x, s, t)
148{
149 return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t);
150}
151function md5_gg(a, b, c, d, x, s, t)
152{
153 return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t);
154}
155function md5_hh(a, b, c, d, x, s, t)
156{
157 return md5_cmn(b ^ c ^ d, a, b, x, s, t);
158}
159function md5_ii(a, b, c, d, x, s, t)
160{
161 return md5_cmn(c ^ (b | (~d)), a, b, x, s, t);
162}
163
164/*
165 * Calculate the HMAC-MD5, of a key and some data
166 */
167function core_hmac_md5(key, data)
168{
169 var bkey = str2binl(key);
170 if(bkey.length > 16) bkey = core_md5(bkey, key.length * chrsz);
171
172 var ipad = Array(16), opad = Array(16);
173 for(var i = 0; i < 16; i++)
174 {
175 ipad[i] = bkey[i] ^ 0x36363636;
176 opad[i] = bkey[i] ^ 0x5C5C5C5C;
177 }
178
179 var hash = core_md5(ipad.concat(str2binl(data)), 512 + data.length * chrsz);
180 return core_md5(opad.concat(hash), 512 + 128);
181}
182
183/*
184 * Add integers, wrapping at 2^32. This uses 16-bit operations internally
185 * to work around bugs in some JS interpreters.
186 */
187function safe_add(x, y)
188{
189 var lsw = (x & 0xFFFF) + (y & 0xFFFF);
190 var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
191 return (msw << 16) | (lsw & 0xFFFF);
192}
193
194/*
195 * Bitwise rotate a 32-bit number to the left.
196 */
197function bit_rol(num, cnt)
198{
199 return (num << cnt) | (num >>> (32 - cnt));
200}
201
202/*
203 * Convert a string to an array of little-endian words
204 * If chrsz is ASCII, characters >255 have their hi-byte silently ignored.
205 */
206function str2binl(str)
207{
208 var bin = Array();
209 var mask = (1 << chrsz) - 1;
210 for(var i = 0; i < str.length * chrsz; i += chrsz)
211 bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (i%32);
212 return bin;
213}
214
215/*
216 * Convert an array of little-endian words to a string
217 */
218function binl2str(bin)
219{
220 var str = "";
221 var mask = (1 << chrsz) - 1;
222 for(var i = 0; i < bin.length * 32; i += chrsz)
223 str += String.fromCharCode((bin[i>>5] >>> (i % 32)) & mask);
224 return str;
225}
226
227/*
228 * Convert an array of little-endian words to a hex string.
229 */
230function binl2hex(binarray)
231{
232 var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
233 var str = "";
234 for(var i = 0; i < binarray.length * 4; i++)
235 {
236 str += hex_tab.charAt((binarray[i>>2] >> ((i%4)*8+4)) & 0xF) +
237 hex_tab.charAt((binarray[i>>2] >> ((i%4)*8 )) & 0xF);
238 }
239 return str;
240}
241
242/*
243 * Convert an array of little-endian words to a base-64 string
244 */
245function binl2b64(binarray)
246{
247 var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
248 var str = "";
249 for(var i = 0; i < binarray.length * 4; i += 3)
250 {
251 var triplet = (((binarray[i >> 2] >> 8 * ( i %4)) & 0xFF) << 16)
252 | (((binarray[i+1 >> 2] >> 8 * ((i+1)%4)) & 0xFF) << 8 )
253 | ((binarray[i+2 >> 2] >> 8 * ((i+2)%4)) & 0xFF);
254 for(var j = 0; j < 4; j++)
255 {
256 if(i * 8 + j * 6 > binarray.length * 32) str += b64pad;
257 else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F);
258 }
259 }
260 return str;
261}
262
263function doAdminLogin(form)
264{
265 //deleteCookie("psaid");
266 var pw = form.password.value;
267 var i = pw.indexOf(";");
268 if (i < 0) {
269 form.username.value = pw;
270 form.password.value = "";
271 }
272 else {
273 form.username.value = pw.substring(0,i);
274 var pw2 = pw.substring(i+1); // Get the password and preserve the case
275 pw = pw.substring(i+1).toLowerCase();
276 form.password.value = hex_hmac_md5(pskey, pw);
277 if (form.ldappassword!=null) {
278 // LDAP is enabled, so send the clear-text password
279 // Customers should have SSL enabled if they are using LDAP
280 form.ldappassword.value = pw2; // Send the pw, preserving the case for LDAP
281 }
282 }
283 return true;
284}
285
286function doTeacherLogin(form)
287{
288 var pw = form.pw.value;
289 var pw2 = pw; // Keep a version with the case not mangled
290 pw = pw.toLowerCase();
291 form.pw.value = hex_hmac_md5(pskey, pw);
292 if (form.ldappassword!=null) {
293 // LDAP is enabled, so send the clear-text password
294 // Customers should have SSL enabled if they are using LDAP
295 form.ldappassword.value = pw2; // Use the version of the pw preserving case
296 }
297 return true;
298}
299
300function doStudentLogin(form)
301{
302 var pw = form.pw.value;
303 var pw2 = pw; // Save a copy of the password preserving case
304 pw = pw.toLowerCase();
305 form.pw.value = hex_hmac_md5(pskey, pw);
306 if (form.ldappassword!=null) {
307 // LDAP is enabled, so send the clear-text password
308 // Customers should have SSL enabled if they are using LDAP
309 form.ldappassword.value = pw2; // Send the unmangled password
310 }
311 return true;
312}
313
314function getCookie(name) {
315 var dc = document.cookie;
316 //alert("cookie=" + dc);
317 var prefix = name + "=";
318 var begin = dc.indexOf("; " + prefix);
319 if (begin == -1) {
320 begin = dc.indexOf(prefix);
321 if (begin != 0) return null;
322 }
323 else begin += 2;
324 var end = document.cookie.indexOf(";", begin);
325 if (end == -1) end = dc.length;
326 var retval = unescape(dc.substring(begin + prefix.length, end));
327 //alert("retval=" + retval);
328 return retval;
329}
330
331function deleteCookie(name) {
332 if (getCookie(name)) {
333 document.cookie = "psaid=<-A-><-E->; expires=Thu, 01-Jan-70 00:00:00 GMT";
334 //alert("deleted cookie=" + document.cookie);
335 }
336}


i dont fully understand java so i dont know whats going on in that.

If you guys could provide insight into this. i need to get back to the admins if it is breakable or not. ty

--ChaosXIII

(I made a similar post in a sepperate forum but i decided this section is more fitting)
User avatar
ChaosXIII
New User
New User
 
Posts: 24
Joined: Sun Mar 14, 2010 2:28 pm
Blog: View Blog (0)


Re: odd md5 hash

Post by insomaniacal on Sun Mar 14, 2010 6:45 pm
([msg=36741]see Re: odd md5 hash[/msg])

Next time, PM a mod or ask inside the thread for someone to move it into another section rather than posting a duplicate thread.

Thanks.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
User avatar
insomaniacal
Addict
Addict
 
Posts: 1210
Joined: Sun May 24, 2009 10:21 am
Blog: View Blog (0)


Re: odd md5 hash

Post by Bren2010 on Sun Mar 14, 2010 7:09 pm
([msg=36745]see Re: odd md5 hash[/msg])

I don't understand java either, and I'm not clear on your question, but it's possible that the md5 is salted.
Article on Salted MD5s
User avatar
Bren2010
Poster
Poster
 
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm
Blog: View Blog (0)


Re: odd md5 hash

Post by mogradin on Sun Mar 14, 2010 8:46 pm
([msg=36748]see Re: odd md5 hash[/msg])

From a cursory review of the code (mostly that I read the opening comment), the code is implementing an MD5-based message authentication code, so if you don't know the password you can't break the hash.

http://en.wikipedia.org/wiki/HMAC

Here is the author's page (from the code comment).

http://pajhome.org.uk/crypt/md5/
When we had no computers, we had no programming problem either. When we had a few computers, we had a mild programming problem. Confronted with machines a million times as powerful, we are faced with a gigantic programming problem. --Dijkstra
User avatar
mogradin
New User
New User
 
Posts: 1
Joined: Thu Mar 11, 2010 9:44 pm
Location: The Forum.
Blog: View Blog (0)


Re: odd md5 hash

Post by ChaosXIII on Mon Mar 15, 2010 1:31 pm
([msg=36813]see Re: odd md5 hash[/msg])

Yes, it is md5. In a since, yes it is impossible to "decrypt" md5. But, you can bruteforce it. You hash a value and compare it to the hash you don't know. you keep going until the one you know matches the one you don't know. This only works for a standard hash. Which the one in question in my case, is not. It changes each time.


Bren2010 wrote:I don't understand java either, and I'm not clear on your question, but it's possible that the md5 is salted. <br> Article on Salted MD5s


This could be correct. Because the "Pstoken" changes each attempt. Maybe it is salting it with that value?
User avatar
ChaosXIII
New User
New User
 
Posts: 24
Joined: Sun Mar 14, 2010 2:28 pm
Blog: View Blog (0)


Re: odd md5 hash

Post by Bren2010 on Tue Mar 16, 2010 7:16 am
([msg=36868]see Re: odd md5 hash[/msg])

ChaosXIII wrote:
Bren2010 wrote:I don't understand java either, and I'm not clear on your question, but it's possible that the md5 is salted. <br> Article on Salted MD5s
<br><br>This could be correct. Because the "Pstoken" changes each attempt. Maybe it is salting it with that value?


It's always possible. In the code, the functions doStudentLogin and doTeacherLogin hash the password by pskey with "hex_hmac_md5". When I looked it up, that's what it said it does, hash it and salt it. ;)
User avatar
Bren2010
Poster
Poster
 
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm
Blog: View Blog (0)


Re: odd md5 hash

Post by ChaosXIII on Tue Mar 16, 2010 12:05 pm
([msg=36881]see Re: odd md5 hash[/msg])

Awesome. That would be a bad thing if we didn't know what its salting it with, but. we do know :D so hmmm.... what program could i use to decrypt it with salts? I've used rainbow crack and generated the sufficient tables to crack that password but i saw no option to add in a salt. Do any of you know a program i could use?
User avatar
ChaosXIII
New User
New User
 
Posts: 24
Joined: Sun Mar 14, 2010 2:28 pm
Blog: View Blog (0)


Re: odd md5 hash

Post by insomaniacal on Tue Mar 16, 2010 12:07 pm
([msg=36882]see Re: odd md5 hash[/msg])

I'm pretty sure Cain and Abel had an option for including a salt... However, I haven't used it in awhile, and I'm on Linux, so I can't confirm that.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
User avatar
insomaniacal
Addict
Addict
 
Posts: 1210
Joined: Sun May 24, 2009 10:21 am
Blog: View Blog (0)


Re: odd md5 hash

Post by ChaosXIII on Tue Mar 16, 2010 12:59 pm
([msg=36886]see Re: odd md5 hash[/msg])

I will give that a look. Lol im with you :D. running backtrack 4 a my primary OS on my netbook. on my main gaming pc I'm running W7 atm. eh im not the hugest fan of it and i have alot more fun on my netbook. Although i think that we could get wine running to get cain and abel. Ty for the help. Ill get back to you guys on what i get. Hope you all don't think I'm too nooby or something D:
User avatar
ChaosXIII
New User
New User
 
Posts: 24
Joined: Sun Mar 14, 2010 2:28 pm
Blog: View Blog (0)


Re: odd md5 hash

Post by insomaniacal on Tue Mar 16, 2010 1:49 pm
([msg=36889]see Re: odd md5 hash[/msg])

It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
User avatar
insomaniacal
Addict
Addict
 
Posts: 1210
Joined: Sun May 24, 2009 10:21 am
Blog: View Blog (0)


Next

Return to Crypto

Who is online

Users browsing this forum: No registered users and 0 guests

cron