[SLiM577]

Ive recently heard that There infact is a way in decoding Serv-u Passwords. Ive emailed Cat-Soft company on if they know how to decrypt these Serv-U passwords. This is some of my Feedback.


You can't actually decrypt passwords once they are encrypted. Serv-U uses
UNIX 'crypt' which was designed to be one-way only (and as far as I know
there has not been anyone yet that cracked this, so for all practical
purposes the clear text password is gone).


What Serv-U does is encrypt the user's password again when that person
logs in and then compares the enctyped password with what's stored. If
the two match it is assumed the clear text was the same. There is of
course always a (about) 1 in 10-to-the-power-20 chance that someone hit
on something that also verifies to be the same even though the clear text
did not match.. ;)


The first two characters of a encrypted password are the 'salt'. These
are random and determined at the time of the first password encryption
and passed on the the 'crypt' function. They are to scramble the
encryption results, so if you encrypt "secret" it'll give different
results each time you do that, thus making dictionary attacks difficult
(you'd have to encrypt a dictionary for all possible salt values before
being able to compare the dictionary with the encrypted passwords). So,
to compare encrypted passwords with what the user types you need to
encrypt the the user's text with the salt taken from the already
encrypted password (the first two characters), using 'crypt'.


I cannot give you the source for crypt, but various sources are available
on the Internet (see things like FreeBSD, Linux, and Crack). Also, the
DLL version of the password util at
ftp://ftp.cat-soft.com/Add-Ons/Passwd/ will do it for you (in fact, it'll
compare any cleartext with any encrypted password and tell you if the two
match). That DLL won't work in VB though (which is what you're using,
isn't it?).

This guy says Cat-soft thinks 95% serv-u use random crypting.
But there is a new method of decrypting.

Now the passwords for Serv-u Look like This..

[USER=a|1]
Password=tz1BACB112C654EB43BD5AFDBA8DBB4614


That is found in ServuDaemon.ini

If anyone has any information on decrypting Serv-U Passwords Plz. let me know. Thanks ~will ;)

[phrozen77]

Quote

The first two characters of a encrypted password are the 'salt'

[USER=a|1]
Password=tz1BACB112C654EB43BD5AFDBA8DBB4614

So the rest of it is just a MD5 hash...

Now guess what....

[Andy]

yes it is crackable

just try it yourself with like the password "abc"

[trunks]

yeah its crackable even the iroffer pass can be cracked...just need the proper tools. start with john the ripper, mdcrack, Supassconvert

[Travis]

if it uses crypt() function you can make it look like a unix passwd listing so for example....

UuCp:OORoMNEN9FyZfNE:4:4::/var/spool/uucppublic:/usr/lib/uucp/uucico

than crack it... using JTR

(i know I know :P not my login just pulled it off a site real quickly :P )

This post has been edited by dissolutions: 09 December 2003 - 07:53 AM

[LoCaliSe]

:P

[aTahualPa]

password decyption is good, but servu, :o only reason is rehacking!? not really a fair move :ph34r:

god gave us a brain to search for better servers ;)

aTa

[x1`]

i also need this sort of tool cause some times i forget the password :D

[Kenny]

hey ara2.... your not interested in anyones post.... you want to get to the downloads....i been watching you for about an hour

look at your post times also....

well you paid the price... reset to 5 and warn point issued

[Progressor]

Try Cain, it's nice decrypting program:
http://www.oxid.it/d...s/cain25b46.exe