-
09-24-2011, 05:34 PM #1Web Hosting Master
- Join Date
- Jan 2005
- Posts
- 623
How to determine what type of encoding/encryption has been used?
Is there a way to find what type of encryption/encoding is being used? For example, I am testing a web application which stores the password in the database in an encrypted format.
*58357A4A22F0804B5877A533EE9A75271FBE9F16
thank you
Your Health Encyclopedia
Medical and health consumer information resources containing comprehensive and unbiased information in patient-friendly language
-
09-25-2011, 11:22 AM #2Retired Moderator
- Join Date
- May 2004
- Location
- Pflugerville, TX
- Posts
- 11,231
Is this an off-the-shelf application? Sometimes encrypting information can be found in documentation. Is the actual application encrypted too (do you need Zend or IonCube to run it)? If not, you can generally figure out how a password is created by reading through the code in whatever file/function is used to create your password.
What's the app?
Studio1337 Web Design
-
09-25-2011, 11:32 AM #3Lord of live chats
- Join Date
- Jul 2009
- Location
- UK
- Posts
- 1,312
Generally no is the answer.
It's not normally possible to see what has been used to encrypt something.
However, some ciphers and algorithms have telltale signs like the amount of characters used in the output. If a certain char appears in the same place or same place often..
Live Chat Support Software for your Business website - IMsupporting.com
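The length-and-alphabet check described in the post above, as an added example that is not part of the original thread: it classifies a stored value by its shape and then, for a test account whose password you set yourself, recomputes a few unsalted schemes to see which one reproduces the stored value. The labels, function names and the `Test-Account-1` password are assumptions made for the illustration; the thread never confirms which scheme the application uses.

```python
import hashlib
import re

# Shape rules: output length, alphabet and prefix narrow the candidates.
# A match is a hint to verify, never proof of the scheme.
SHAPES = [
    ("mysql41", re.compile(r"\*[0-9A-F]{40}")),  # MySQL 4.1+ PASSWORD()
    ("bcrypt", re.compile(r"\$2[aby]\$\d\d\$[./A-Za-z0-9]{53}")),
    ("md5-sized hex", re.compile(r"[0-9a-fA-F]{32}")),
    ("sha1-sized hex", re.compile(r"[0-9a-fA-F]{40}")),
    ("sha256-sized hex", re.compile(r"[0-9a-fA-F]{64}")),
]

def classify(stored):
    """Return every shape label the whole stored value fits."""
    return [name for name, rx in SHAPES if rx.fullmatch(stored.strip())]

def mysql41_password(pw):
    """MySQL 4.1+ PASSWORD(): '*' + uppercase hex of SHA1(SHA1(pw))."""
    inner = hashlib.sha1(pw.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

# Unsalted schemes that can be recomputed from the password alone.
RECOMPUTE = {
    "md5": lambda pw: hashlib.md5(pw.encode("utf-8")).hexdigest(),
    "sha1": lambda pw: hashlib.sha1(pw.encode("utf-8")).hexdigest(),
    "mysql41": mysql41_password,
}

def confirm(stored, known_password):
    """Schemes that reproduce `stored` for a password you set yourself."""
    want = stored.strip().lower()
    return [name for name, fn in RECOMPUTE.items()
            if fn(known_password).lower() == want]

if __name__ == "__main__":
    # Value quoted in the first post of the thread.
    print(classify("*58357A4A22F0804B5877A533EE9A75271FBE9F16"))
    # Constructed test-account rows: same known password, two schemes.
    known = "Test-Account-1"
    rows = (mysql41_password(known),
            hashlib.md5(known.encode("utf-8")).hexdigest())
    for row in rows:
        print(row, classify(row), confirm(row, known))
```

An empty result from `confirm` means none of the listed unsalted schemes was used as-is; a salt or a different construction is then the next thing to look for in the application code.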
-
09-25-2011, 04:43 PM #4Web Hosting Master
- Join Date
- Jan 2005
- Posts
- 623
No, unfortunately there isn't any documentation. It's a handmade product.
The actual application isn't encrypted, but it's too large (~100 MB .sql file) to search (especially if you don't know which keywords to use). I have access to the db - it's a *.sql file, but I don't know which keywords to use.
thank you
-
09-25-2011, 04:53 PM #5Lord of live chats
- Join Date
- Jul 2009
- Location
- UK
- Posts
- 1,312
Why not locate the .php file that actually stores the password? ( assuming php )
That will say what it's using to do it.
Also.. What format is the password field? ( ie: Text, varchar, md5.. )
I would expect a password to be "hashed" and not encrypted.
A hashed password cannot be decrypted.
-
09-25-2011, 04:58 PM #6Web Hosting Master
- Join Date
- Jan 2005
- Posts
- 623
Why not locate the .php file that actually stores the password.
Also.. What format is the password field? ( ie: Text, varchar, md5.. )
I would expect a password to be "hashed" and not encrypted.
-
09-25-2011, 05:04 PM #7Retired Moderator
- Join Date
- May 2004
- Location
- Pflugerville, TX
- Posts
- 11,231
The passwords are stored as sql, but they are placed there and looked up using .php, and there will be a .php page that corresponds to this. This is what I meant by reading the code/function that sets the password. SQL just stores information - a command has to originate from somewhere, and assuming the application is written in PHP, you'll find what you need within the code somewhere.
What page handles logging in? You can probably trace the encryption mechanism from there.
-
09-25-2011, 05:05 PM #8Lord of live chats
- Join Date
- Jul 2009
- Location
- UK
- Posts
- 1,312
I'm aware they are stored in SQL.. I'm more interested in what put them in there... The file that actually connected to the DB and put the password there..
Find that file. ( register.php maybe? )
If that fails.. Find the login file. That will say how it's checking the password and will help you understand how it's been stored.
-
09-25-2011, 05:35 PM #9Web Hosting Master
- Join Date
- Jan 2005
- Posts
- 623
Yes, I found the "login" file - but there isn't anything except a standard HTML form. Also, I tried to encrypt any simple password (MD5 crypt) and to set this result in the db, but unfortunately it doesn't work.
Find the login file. That will say how its checking the password and will help you understand how its been stored.
-
09-25-2011, 05:36 PM #10Lord of live chats
- Join Date
- Jul 2009
- Location
- UK
- Posts
- 1,312
Last edited by lynxus; 09-25-2011 at 05:41 PM.
-
09-25-2011, 05:48 PM #11Web Hosting Master
- Join Date
- Jan 2005
- Posts
- 623
PHP Code:
<?php if (!CheckPermissions()) Redirect("/" . $LANGUAGE);
if ($SESSION["USER_NAME"] == __GUEST_USER__) {
?>
<form method="post" action="/<?= $LANGUAGE ?>/" name="login" style="margin-top: 0; margin-bottom: 0;">
<table width="95%" cellspacing=0 cellpadding=0 border=0>
<tr>
<td><input type="text" name="f_login" size=25 class="FormInput"></td>
<td><input type="hidden" name="form_action" value="login"></td>
</tr>
<tr>
<td><input type="password" name="f_password" size=25 class="FormInput"><input type="hidden" name="form_submit" value="YES"></td>
<td><img src="<?= $LAYOUT_IMAGES ?>/search_button.gif" border=0 align=right onclick="document.login.submit();return true;""></td>
</tr>
</table>
</form>
<?php } else { ?>
<form method="post" action="/<?= $LANGUAGE ?>/" name="logout" style="margin-top: 0; margin-bottom: 0;">
<input type="hidden" name="form_action" value="logout"><input type="hidden" name="form_submit" value="YES">
<img src="<?= $LAYOUT_IMAGES ?>/search_button.gif" border=0 onclick="document.logout.submit();return true;"">
</form>
<?php
}
?>
-
09-25-2011, 05:52 PM #12Lord of live chats
- Join Date
- Jul 2009
- Location
- UK
- Posts
- 1,312
Cool,
Open the page in a browser and see what this shows:
<form method="post" action="/<?= $LANGUAGE ?>/" name="login"
I'm interested in action="/<?= $LANGUAGE ?>/"
Then have a look at the file in the action="" section..
You will then be looking for a var created using something like
$password = $_POST['f_password'];
Follow that trail and it should help...
Or post the code to the file that appears in the action="" section and I'll have a peep.
-
09-25-2011, 06:07 PM #13Web Hosting Master
- Join Date
- Jan 2005
- Posts
- 623
Lynxus,
As I said, there isn't anything interesting in this part. Here is the output:
PHP Code:
<tr>
<td colspan=2 bgcolor="#a9a9a9" class="ColumnHeader">LOGIN</td>
</tr>
<tr bgcolor="#F2F2F2">
<td><form method="post" action="/en/" name="login" style="margin-top: 0; margin-bottom: 0;">
<table width="95%" cellspacing=0 cellpadding=0 border=0>
<tr>
<td><input type="text" name="f_login" size=25 class="FormInput"></td>
<td><input type="hidden" name="form_action" value="login"></td>
</tr>
<tr>
<td><input type="password" name="f_password" size=25 class="FormInput"><input type="hidden" name="form_submit" value="YES"></td>
<td><img src="/skins/default/images/search_button.gif" border=0 align=right onclick="document.login.submit();return true;""></td>
</tr>
</table>
</form>
</td>
</tr>
-
09-25-2011, 06:12 PM #14Lord of live chats
- Join Date
- Jul 2009
- Location
- UK
- Posts
- 1,312
There will be a file it's calling inside the /en/ directory.
Probably /en/index.php
It cannot be some kind of hidden file because the end user's browser will request the directory /en/ and the webserver will return the default file ( probably index.php ? )
-
09-25-2011, 06:30 PM #15Web Hosting Master
- Join Date
- Jan 2005
- Posts
- 623
Don't keep your attention on the language file.
Also, I found some interesting (I hope) code in the index.php file:
PHP Code:
///// Login Default User ///////////////////////////////////////////////////////
//echo $SESSION["USER_NAME"] . "<br><hr>";
if ((!isset($SESSION["USER_NAME"])) || (!$SESSION["USER_NAME"])) {
    // echo "<br>Login As Guest [1].<br><hr>";
    Login(__GUEST_USER__);
}
if ((isset($_REQUEST["form_submit"])) && (trim($_REQUEST["form_submit"]) == "YES") &&
    (isset($_REQUEST["form_action"])) && (trim($_REQUEST["form_action"]))) {
    switch (trim($_REQUEST["form_action"])) {
        case "login":
            if (($SESSION["USER_NAME"] != __GUEST_USER__) || (!CheckRequest("f_login","",$l_user)) ||
                (!CheckRequest("f_password","",$l_pass)))
                break;
            Login($l_user,$l_pass);
            //echo "<br>Login As $l_user [2].<br><hr>";
            break;
        case "logout":
            if ($SESSION["USER_NAME"] == __GUEST_USER__)
                break;
            Login(__GUEST_USER__);
            //echo "<br>Login As Guest [3].<br><hr>";
            break;
        case "lastissue":
            $SESSION["VIEWDATE"] = $SESSION["CURDATE"];
            $_SESSION['SESSION'] = serialize($SESSION);
            break;
    }
}
####
$ENABLE_LOGIN = 0;
$ENABLE_LOGIN = 1;
HTML_Start($SITE_NAME,$SITE_DESCRIPTION,"/skins/$LAYOUT/style.css",implode(",",$REQ_JSLIBS),$SITEGLOBALS["encoding"]);
-
09-27-2011, 02:56 PM #16Web Hosting Master
- Join Date
- Jan 2005
- Posts
- 623
Looks like this is what we need :-)
PHP Code:
///// Rendering Site Layout ////////////////////////////////////////////////////
if($_POST['login'] && $_POST['pass'] && $_POST['btn_login']){
    setcookie('login', $_POST['login'], time()+1209600, '/', '');
    setcookie('pass', md5($_POST['pass']), time()+1209600, '/', '');
    header("Location: ".$_SERVER['HTTP_REFERER']); // right?!
}
if($_POST['logout']){
    setcookie('login', '', time()+1209600, '/', '');
    setcookie('pass', '', time()+1209600, '/', '');
    header("Location: ".$_SERVER['HTTP_REFERER']); // right?!
}
thank you
-
09-27-2011, 03:51 PM #17Lord of live chats
- Join Date
- Jul 2009
- Location
- UK
- Posts
- 1,312
Last edited by lynxus; 09-27-2011 at 03:55 PM.