
Decrypting Psybnc Passes



#1 Fantafour

Fantafour

    Private First Class

  • Members
  • 61 posts

Posted 28 July 2004 - 12:52 PM

Hi outta there

I found a running (Unix) psyBNC on an old root server. In psybnc.conf there is a pass:
"1r0y's1''I14`P19`N"

Is it possible to decrypt it?
Or does anyone know what method it is...

#2 ZoraX

ZoraX

    Specialist

  • Members
  • 149 posts

Posted 29 July 2004 - 07:07 AM

I think passes in psybnc.conf are encrypted with Blowfish (by default), so try Google for a Blowfish decrypter :)

#3 Fantafour

Fantafour

    Private First Class

  • Members
  • 61 posts

Posted 29 July 2004 - 01:33 PM

i didnt find any good results... can anyone help `?

#4 mortello

mortello

    Staff Sergeant

  • Members
  • 408 posts

Posted 29 July 2004 - 02:13 PM

> i didnt find any good results... can anyone help `?

If my memory serves me well, blowfish isn't cracked yet.....or not public....but I may be confused with another encryption type

#5 ZoraX

ZoraX

    Specialist

  • Members
  • 149 posts

Posted 08 August 2004 - 01:38 AM

Did some googleing and cant find any decrypter for it, sorry mate, cant help you to crack it...

isent there any other password files you can crack ? maybe psybnc pass and some other pass is the same?

#6 Guest_Mr_X_*

Guest_Mr_X_*
  • Guests

Posted 08 August 2004 - 03:23 AM

Uses Psybnc sources to make a brute force password cracker. You'll find code to encode password. Then you make something that encode password and check if it's equal to the encrypted password found. Easy

#7 KuerbY

KuerbY

    Staff Sergeant

  • Members
  • 254 posts

Posted 08 August 2004 - 01:49 PM

u can write your own plain-text pw in the file dont know if it helps you ;)

#8 mortello

mortello

    Staff Sergeant

  • Members
  • 408 posts

Posted 08 August 2004 - 02:25 PM

> Uses Psybnc sources to make a brute force password cracker. You'll find code to encode password. Then you make something that encode password and check if it's equal to the encrypted password found. Easy

Well, it sounds easy, but it requires a lot of time, coding skills, and some brains too... combine all that and you may get something that works... chances are you won't, or it would already be public, don't you think?

#9 phaeton

phaeton

    Specialist

  • Members
  • 137 posts

Posted 12 August 2004 - 11:03 AM

not really mortello, plus its not that hard, because there are other open source brute-forcers, you can write your own plugin or code for it :)

check john the ripper...

#10 str8

str8

    Private

  • Members
  • 1 posts

Posted 20 February 2012 - 11:17 PM

+1 Mr_X

The source is your friend, just playing around a few minutes in lets say p_crypt.c....
here is a partial solution for you...... well if you have salt.h

To finish your puzzle see p_blowfish.c

// Reverse Engineered by str8
// Totally stole most code from psybnc
// Ripped out only parts needed for their crypt functions to work
// Encrypted items are returned with +{encrypted context}
// Still looking for where this goes with the ={encrypted context}
// partially finished USER1.USER.PASS decryption
// may fit into the key section <- see p_blowfish.c
//


#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#include "salt.h"


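/* Radix of the two-character codec: only the first baselen symbols of
 * base[] are searched by unhashdot() and used for the low digit by hashdot(). */
int baselen=67;

/* Static output buffer that every psycrypt() call clears and refills, so a
 * returned pointer is only valid until the next call. */
char crybu[2000];

/* Source file, function name and line recorded by the pcontext macro. */
char ctxt[50];
char cfunc[60];

/*
 * Output alphabet of the codec.
 * NOTE(review): the literal holds 70 characters (there is no lowercase 'w'),
 * while baselen is 67. The last three symbols ('*', '-', '#') therefore lie
 * beyond baselen and unhashdot() never matches them. Confirm against the
 * upstream psyBNC source before changing either value, because both ends of
 * the codec must agree on them.
 */
unsigned char base[]="'`0123456789abcdefghijklmnopqrstuvxyzABCDEFGHIJKLMNOPQRSTUVWXYZ@$=&*-#";

/* Two-character result of hashdot() plus its terminating NUL. */
unsigned char xres[3];
int cline;


/*
 * Record the current file, function and line in ctxt/cfunc/cline.
 * snprintf() is used instead of strncpy() because strncpy() leaves the
 * destination unterminated when the source is as long as the buffer (a long
 * __FILE__ path is enough to trigger that). The do/while(0) wrapper keeps
 * "pcontext;" a single statement wherever it is used.
 */
#define pcontext do { \
	snprintf(ctxt, sizeof(ctxt), "%s", __FILE__); \
	snprintf(cfunc, sizeof(cfunc), "%s", __func__); \
	cline = __LINE__; \
} while (0)

/* Set to 1 by unhashdot() when a character is not found in the first
 * baselen symbols of base[]; reset to 0 at the start of each unhashdot() call. */
int wrong=0;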

/*
 * Turn a two-character token back into the number it encodes.
 *
 * Each character is looked up in the first baselen symbols of base[]; the
 * first one is the high digit (multiplied by baselen), the second one the
 * low digit. The global `wrong` is cleared on entry and set to 1 when either
 * character is not part of that alphabet; a missing digit contributes
 * nothing to the result.
 *
 * hash must point to at least two readable bytes.
 */
unsigned int unhashdot(unsigned char *hash)
{
	const unsigned long radix = baselen;
	unsigned long hi_idx;
	unsigned long lo_idx;
	unsigned int value = 0;

	wrong = 0;

	/* High digit: position of hash[0] in the alphabet. */
	for (hi_idx = 0; hi_idx < radix; hi_idx++) {
		if (base[hi_idx] == hash[0])
			break;
	}
	if (hi_idx == radix)
		wrong = 1;
	else
		value = (unsigned int)(hi_idx * (unsigned int)radix);

	/* Low digit: position of hash[1] in the alphabet. */
	for (lo_idx = 0; lo_idx < radix; lo_idx++) {
		if (base[lo_idx] == hash[1])
			break;
	}
	if (lo_idx == radix)
		wrong = 1;
	else
		value = (unsigned int)(value + lo_idx);

	return value;
}



/* hashing routines for string driven systems */
//***************************************************

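/*
 * Encode a number as a two-character token: high digit r / baselen and low
 * digit r % baselen, each mapped through base[].
 *
 * Returns a pointer to the static xres buffer, which the next call
 * overwrites. The original counted r down one step at a time and then
 * indexed base[] without a bound; for a large r (for example a negative
 * intermediate value converted to unsigned by the caller) that ran for
 * billions of iterations and read past the end of base[]. Division and
 * modulo give the same digits in constant time, and a digit that has no
 * symbol in base[] now yields an empty token instead of an out-of-bounds
 * read.
 */
unsigned char *hashdot(unsigned int r)
{
	/* sizeof(base) includes the terminating NUL, so subtract it. */
	const unsigned int symbols = (unsigned int)(sizeof(base) - 1);
	unsigned int radix;
	unsigned int hh;
	unsigned int hl;

	xres[0] = 0;
	xres[1] = 0;
	xres[2] = 0;

	/* baselen is a mutable global; refuse to divide by zero or less. */
	if (baselen <= 0)
		return xres;
	radix = (unsigned int)baselen;

	hh = r / radix;
	hl = r % radix;

	/* Value does not fit in two symbols of the alphabet: empty token. */
	if (hh >= symbols || hl >= symbols)
		return xres;

	xres[0] = base[hh];
	xres[1] = base[hl];
	return xres;
}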



// some crypt func
//******************
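/*
 * psycrypt - encode or decode a string with the salt-driven substitution
 * taken from psyBNC.
 *
 * Direction is chosen by the first character of st:
 *   - leading '+': decode. Every two alphabet characters after the '+' are
 *     turned back into one byte.
 *   - anything else: encode. The output starts with '+', and every input
 *     character becomes a two-character token from hashdot().
 *
 * Each step mixes the character with one byte from each salt string
 * (slt1/slt2, starting at offsets SA1/SA2 and wrapping to the start at NUL)
 * and two running counters seeded from CODE1/CODE2. All of these come from
 * salt.h. Because the same constants drive both directions, this is a
 * reversible encoding rather than a one-way hash: whoever can read salt.h
 * can recover every value stored in this form, so the salt file and the
 * config file need the same protection as the plaintext secrets.
 *
 * Returns a pointer to the static buffer crybu, which is cleared at the
 * start of every call; the function is therefore not reentrant and the
 * result must be copied before the next call. Processing stops once about
 * 1990 output bytes were produced.
 *
 * Fix over the original: in decode mode an input with an odd number of
 * characters after the '+' made the loop step past the terminating NUL and
 * keep reading beyond the caller's buffer. A dangling half token now ends
 * decoding.
 *
 * NOTE(review): the `wrong` flag set by unhashdot() is not consulted here,
 * so characters outside the alphabet decode silently to arbitrary bytes.
 */
char *psycrypt(char *st)
{
	char *pte;            /* write cursor into crybu */
	char *ptt;            /* read cursor into the input */
	char *pts1, *pts2;    /* cursors into the two salt strings */
	char *pt;
	unsigned char *hpt;
	char hbuf[3];
	int res;
	int slen = 0;
	unsigned int tslt1 = CODE1;
	unsigned int tslt2 = CODE2;
	int p1, p2, p3, p4, p5;
	int erg;
	int de = 0;

	pcontext;
	memset(crybu, 0x0, sizeof(crybu));
	pt = crybu;
	pte = pt;
	ptt = st;
	if (*ptt == '+') {
		ptt++;
		de = 1;
	} else {
		*pte++ = '+';
	}
	pts1 = slt1 + SA1;
	pts2 = slt2 + SA2;
	while (*ptt != 0) {
		/* Leave headroom in the 2000-byte crybu for the last token and NUL. */
		if (slen > 1990)
			break;
		/* The counters are unsigned, so a decrement below zero wraps to a
		 * huge value and is caught by the same "> 255" test. */
		if (tslt1 > 255)
			tslt1 = CODE1;
		if (tslt2 > 255)
			tslt2 = CODE2;
		if (*pts1 == 0)
			pts1 = slt1;
		if (*pts2 == 0)
			pts2 = slt2;
		res = 0;
		if (de) {
			/* A token needs two characters; stop on a dangling one so the
			 * read cursor never moves past the terminating NUL. */
			if (ptt[1] == 0)
				break;
			hbuf[0] = *ptt++;
			hbuf[1] = *ptt;
			hbuf[2] = 0;
			p1 = unhashdot((unsigned char *)hbuf);
			p2 = *pts1;
			p3 = tslt1;
			p4 = *pts2;
			p5 = tslt2;
			erg = p1 - p2 - p3 + p4 - p5;
			*pte = (char)erg;
			res = erg;
		} else {
			p1 = *ptt;
			p2 = *pts1;
			p3 = tslt1;
			p4 = *pts2;
			p5 = tslt2;
			res = p1;
			erg = p1 + p2 + p3 - p4 + p5;
			hpt = hashdot(erg);
			*pte++ = hpt[0];
			slen++;
			*pte = hpt[1];
		}
		/* Advance the running key: it depends on the plaintext character in
		 * both directions, so encode and decode stay in step. */
		tslt1--;
		res = res / 10;
		tslt2 = tslt2 + res;
		pte++;
		ptt++;
		pts1++;
		pts2++;
		slen = slen + 1;
	}
	*pte = 0;
	return pt;
}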


// encrypt char
//*********************

/*
 * Encode a string unless it is already in encoded form.
 *
 * A leading '+' marks an encoded value, which is returned unchanged (the
 * caller's own pointer). Anything else is passed to psycrypt(), whose result
 * lives in a static buffer.
 */
char *cryptit(char *tocipher)
{
	const int already_encoded = (*tocipher == '+');

	return already_encoded ? tocipher : psycrypt(tocipher);
}
// decrypt the char
//**********************
/*
 * Decode a string that is in encoded form.
 *
 * Only values starting with '+' are handed to psycrypt(); every other input
 * is treated as plain text and returned unchanged (the caller's own pointer).
 */
char *decryptit(char *todecipher)
{
	if (todecipher[0] != '+') {
		return todecipher;
	}
	return psycrypt(todecipher);
}



// eventual main loop :S
//*****************************
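/*
 * Command-line front end: "<prog> string c" encodes the string and
 * "<prog> string d" decodes it; the result is printed on stdout.
 *
 * The original tested strcmp() results without comparing against 0, so each
 * branch fired when the mode did NOT match. "c" and "d" still reached the
 * intended routine by accident, but any other mode fell into the decode
 * branch. The comparisons are now explicit and an unknown mode prints the
 * usage text and exits with status 1.
 *
 * Note: the string is taken from argv, so it is visible to other local users
 * through the process list and may be stored in shell history.
 */
int main(int argc, char** argv){
	const char *mode;

	if (argc != 3) {
		printf("Reverse Engineered by str8\nUsage: %s string {c,d}\n", argv[0]);
		exit(1);
	}

	mode = argv[2];
	if (strcmp(mode, "c") == 0) {
		printf("%s\n", cryptit(argv[1]));
	} else if (strcmp(mode, "d") == 0) {
		printf("%s\n", decryptit(argv[1]));
	} else {
		printf("Reverse Engineered by str8\nUsage: %s string {c,d}\n", argv[0]);
		exit(1);
	}

	return 0;
}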



