hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Web Design and Content : How to determine what type of encoding/encryption has been used?
Reply

Forum Jump

How to determine what type of encoding/encryption has been used?

Reply Post New Thread In Web Design and Content Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 09-24-2011, 05:34 PM
3-rx 3-rx is offline
Web Hosting Master
 
Join Date: Jan 2005
Posts: 609

How to determine what type of encoding/encryption has been used?


Is there a way to find what type of encryption/encoding is being used? For example, I am testing a web application which stores the password in the database in an encrypted format.

Quote:
*58357A4A22F0804B5877A533EE9A75271FBE9F16
How do i determine what hashing or encryption is being used? Or is there a way? Or if there isn't any way to decode - how to find type of encoding - as i can encode it at first and manually replace it in database.

thank you

__________________
Your Health Encyclopedia
Medical and health consumer information resources containing comprehensive and unbiased information in patient-friendly language



Sponsored Links
  #2  
Old 09-25-2011, 11:22 AM
the_pm the_pm is offline
Retired Moderator
 
Join Date: May 2004
Location: Pflugerville, TX
Posts: 11,222
Is this an off-the-shelf application? Sometimes encrypting information can be found in documentation. Is the actual application encrypted too (do you need Zend or IonCube to run it)? If not, you can generally figure out how a password is created by reading through the code in whatever file/function is used to create your password.

What's the app?

__________________
Studio1337___̴ı̴̴̡̡̡ ̡͌l̡̡̡ ̡͌l̡*̡̡ ̴̡ı̴̴̡ ̡̡͡|̲̲̲͡͡͡ ̲▫̲͡ ̲̲̲͡͡π̲̲͡͡ ̲̲͡▫̲̲͡͡ ̲|̡̡̡ ̡ ̴̡ı̴̡̡ ̡͌l̡̡̡̡.__Web Design

  #3  
Old 09-25-2011, 11:32 AM
lynxus lynxus is offline
Lord of live chats
 
Join Date: Jul 2009
Location: UK
Posts: 1,286
Generally no is the answer.

Its not normally possible to see what has been used to encrypt something.

However,
Some ciphers and algorithms have telltale signs like the amount of characters used in the output. If a certain char appears in the same place or sameplace often..

__________________
Live Chat Support Software for your Business website - IMsupporting.com

Sponsored Links
  #4  
Old 09-25-2011, 04:43 PM
3-rx 3-rx is offline
Web Hosting Master
 
Join Date: Jan 2005
Posts: 609
Quote:
Originally Posted by the_pm View Post
Is this an off-the-shelf application? Sometimes encrypting information can be found in documentation. Is the actual application encrypted too (do you need Zend or IonCube to run it)? If not, you can generally figure out how a password is created by reading through the code in whatever file/function is used to create your password.

What's the app?
No, unfortunately there isn't any documentation. It's handmade product.
Actual application isn't ecrypted, but it's too large (~100mb .sql file) to find (especially if you don't know which keywords to use). I have access to db - it's *.sql file, but i don't know which keywords to use.

thank you

__________________
Your Health Encyclopedia
Medical and health consumer information resources containing comprehensive and unbiased information in patient-friendly language

  #5  
Old 09-25-2011, 04:53 PM
lynxus lynxus is offline
Lord of live chats
 
Join Date: Jul 2009
Location: UK
Posts: 1,286
Why not locate the .php file that actually stores the password. ( assuming php )

That will say what its using to do it.
Also.. What format is the password field? ( ie: Text, varchar, md5.. )

I would expect a password to be "hashed" and not encrypted.

A hashed password cannot be decrypted.

__________________
Live Chat Support Software for your Business website - IMsupporting.com

  #6  
Old 09-25-2011, 04:58 PM
3-rx 3-rx is offline
Web Hosting Master
 
Join Date: Jan 2005
Posts: 609
Quote:
Why not locate the .php file that actually stores the password.
paswords are stored in .sql file
Quote:
Also.. What format is the password field? ( ie: Text, varchar, md5.. )
In sql file my(user) password is this - "*58357A4A22F0804B5877A533EE9A75271FBE9F16 "

Quote:
I would expect a password to be "hashed" and not encrypted.
Any difference. Unfortunately i'm not expert in this area. So is there any way to reset, change it - if i have access to this db ?

__________________
Your Health Encyclopedia
Medical and health consumer information resources containing comprehensive and unbiased information in patient-friendly language

  #7  
Old 09-25-2011, 05:04 PM
the_pm the_pm is offline
Retired Moderator
 
Join Date: May 2004
Location: Pflugerville, TX
Posts: 11,222
The passwords are stored as sql, but they are placed there and looked up using .php, and there will be a .php page that corresponds to this. This is what I meant by reading the code/function that sets the password. SQL just stores information - a command has to originate from somewhere, and assuming the application is written in PHP, you'll find what you need within the code somewhere.

What page handles logging in? You can probably trace the encryption mechanism from there.

__________________
Studio1337___̴ı̴̴̡̡̡ ̡͌l̡̡̡ ̡͌l̡*̡̡ ̴̡ı̴̴̡ ̡̡͡|̲̲̲͡͡͡ ̲▫̲͡ ̲̲̲͡͡π̲̲͡͡ ̲̲͡▫̲̲͡͡ ̲|̡̡̡ ̡ ̴̡ı̴̡̡ ̡͌l̡̡̡̡.__Web Design

  #8  
Old 09-25-2011, 05:05 PM
lynxus lynxus is offline
Lord of live chats
 
Join Date: Jul 2009
Location: UK
Posts: 1,286
Quote:
Originally Posted by 3-rx View Post
paswords are stored in .sql file

In sql file my(user) password is this - "*58357A4A22F0804B5877A533EE9A75271FBE9F16 "


Any difference. Unfortunately i'm not expert in this area. So is there any way to reset, change it - if i have access to this db ?
Im aware they are stored in SQL.. Im more interested in what put in there... The file that actually connected to the DB and put the password there..
Find that file. ( register.php maybe? )

If that fails.. Find the login file. That will say how its checking the password and will help you understand how its been stored.

__________________
Live Chat Support Software for your Business website - IMsupporting.com

  #9  
Old 09-25-2011, 05:35 PM
3-rx 3-rx is offline
Web Hosting Master
 
Join Date: Jan 2005
Posts: 609
Yes, i find "login" file - but there isn't nothing except standart html form. Also i try to encrypte any simplet password (MD5 crypt) and to set this result in db, but unfortunately it doesn't work.
Quote:
Find the login file. That will say how its checking the password and will help you understand how its been stored.

__________________
Your Health Encyclopedia
Medical and health consumer information resources containing comprehensive and unbiased information in patient-friendly language

  #10  
Old 09-25-2011, 05:36 PM
lynxus lynxus is offline
Lord of live chats
 
Join Date: Jul 2009
Location: UK
Posts: 1,286
Quote:
Originally Posted by 3-rx View Post
Yes, i find "login" file - but there isn't nothing except standart html form. Also i try to encrypte any simplet password (MD5 crypt) and to set this result in db, but unfortunately it doesn't work.
Paste the source code here..

Open the file in something like notepad.. Not in a webbrowser.

__________________
Live Chat Support Software for your Business website - IMsupporting.com


Last edited by lynxus; 09-25-2011 at 05:41 PM.
  #11  
Old 09-25-2011, 05:48 PM
3-rx 3-rx is offline
Web Hosting Master
 
Join Date: Jan 2005
Posts: 609
PHP Code:
<?php if (!CheckPermissions()) Redirect("/" $LANGUAGE);

if (
$SESSION["USER_NAME"] == __GUEST_USER__) {
?>
<form method="post" action="/<?= $LANGUAGE ?>/" name="login" style="margin-top: 0; margin-bottom: 0;">
    <table width="95%" cellspacing=0 cellpadding=0 border=0>
        <tr>
            <td><input type="text" name="f_login" size=25 class="FormInput"></td>
            <td><input type="hidden" name="form_action" value="login"></td>
        </tr>
        <tr>
            <td><input type="password" name="f_password" size=25 class="FormInput"><input type="hidden" name="form_submit" value="YES"></td>
            <td><img src="<?= $LAYOUT_IMAGES ?>/search_button.gif" border=0 align=right onclick="document.login.submit();return true;""></td>
        </tr>
    </table>
</form>
<?php } else { ?>
<form method="post" action="/<?= $LANGUAGE ?>/" name="logout" style="margin-top: 0; margin-bottom: 0;">
    <input type="hidden" name="form_action" value="logout"><input type="hidden" name="form_submit" value="YES">
    <img src="<?= $LAYOUT_IMAGES ?>/search_button.gif" border=0 onclick="document.logout.submit();return true;"">
</form>
<?php
}

?>

__________________
Your Health Encyclopedia
Medical and health consumer information resources containing comprehensive and unbiased information in patient-friendly language

  #12  
Old 09-25-2011, 05:52 PM
lynxus lynxus is offline
Lord of live chats
 
Join Date: Jul 2009
Location: UK
Posts: 1,286
Cool,
Open the page in a browser and see what this shows:
<form method="post" action="/<?= $LANGUAGE ?>/" name="login"

Im interested in action="/<?= $LANGUAGE ?>/"

Then have a look at the file in the action="" section..

You will then be looking for a var created using something like
$password = $_POST['f_password'];

Follow that trail and it should help...

Or post the code to the file that appears in the action="" section and Ill have a peep.

__________________
Live Chat Support Software for your Business website - IMsupporting.com

  #13  
Old 09-25-2011, 06:07 PM
3-rx 3-rx is offline
Web Hosting Master
 
Join Date: Jan 2005
Posts: 609
Lynxus,

As i said there isn't nothing interesting in this part. Here is output

PHP Code:
            <tr>
                <
td colspan=2 bgcolor="#a9a9a9" class="ColumnHeader">LOGIN</td>
            </
tr>

            <
tr bgcolor="#F2F2F2">
                <
td><form method="post" action="/en/" name="login" style="margin-top: 0; margin-bottom: 0;">
    <
table width="95%" cellspacing=0 cellpadding=0 border=0>
        <
tr>
            <
td><input type="text" name="f_login" size=25 class="FormInput"></td>
            <
td><input type="hidden" name="form_action" value="login"></td>
        </
tr>
        <
tr>
            <
td><input type="password" name="f_password" size=25 class="FormInput"><input type="hidden" name="form_submit" value="YES"></td>

            <
td><img src="/skins/default/images/search_button.gif" border=0 align=right onclick="document.login.submit();return true;""></td>
        </tr>
    </table>
</form>
</td>
            </tr> 
Unfortunately "action" it's just mention the language file (system determnie in which language to display Login form ) -> "LOGIN" text.

__________________
Your Health Encyclopedia
Medical and health consumer information resources containing comprehensive and unbiased information in patient-friendly language

  #14  
Old 09-25-2011, 06:12 PM
lynxus lynxus is offline
Lord of live chats
 
Join Date: Jul 2009
Location: UK
Posts: 1,286
there will be a file its calling inside the /en/ directory.

Probably /en/index.php

It cannot be some kind of hidden file because the end users browser will request the directory /en/ and the webserver will return the default file ( probably index.php ? )

__________________
Live Chat Support Software for your Business website - IMsupporting.com

  #15  
Old 09-25-2011, 06:30 PM
3-rx 3-rx is offline
Web Hosting Master
 
Join Date: Jan 2005
Posts: 609
Don't keep your attention on language file.

Also i find interesting (i hope) code in index.php file


PHP Code:
///// Login Default User ///////////////////////////////////////////////////////

//echo $SESSION["USER_NAME"] . "<br><hr>";

if ((!isset($SESSION["USER_NAME"])) || (!$SESSION["USER_NAME"])) {
   
//    echo "<br>Login As Guest [1].<br><hr>";
    
Login(__GUEST_USER__);
}

if ((isset(
$_REQUEST["form_submit"])) && (trim($_REQUEST["form_submit"]) == "YES") &&
        (isset(
$_REQUEST["form_action"])) && (trim($_REQUEST["form_action"]))) {
    switch (
trim($_REQUEST["form_action"]))    {
        case 
"login":
            if ((
$SESSION["USER_NAME"] != __GUEST_USER__) || (!CheckRequest("f_login","",$l_user)) ||
                    (!
CheckRequest("f_password","",$l_pass)))
                break;
            
Login($l_user,$l_pass);
            
//echo "<br>Login As $l_user [2].<br><hr>";
            
break;
        case 
"logout":
            if (
$SESSION["USER_NAME"] == __GUEST_USER__)
                break;
            
Login(__GUEST_USER__);
            
//echo "<br>Login As Guest [3].<br><hr>";
            
break;
        case 
"lastissue":
            
$SESSION["VIEWDATE"] = $SESSION["CURDATE"];
            
$_SESSION['SESSION'] = serialize($SESSION);
            break;
    }
}

####

$ENABLE_LOGIN 0;
$ENABLE_LOGIN 1;

HTML_Start($SITE_NAME,$SITE_DESCRIPTION,"/skins/$LAYOUT/style.css",implode(",",$REQ_JSLIBS),$SITEGLOBALS["encoding"]); 
is there any useful part

__________________
Your Health Encyclopedia
Medical and health consumer information resources containing comprehensive and unbiased information in patient-friendly language

Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
What type of "cipher" to use for OpenVPN encryption? mrzippy Hosting Security and Technology 4 11-13-2013 11:26 PM
Some Type Of Encryption Arber Programming Discussion 1 12-04-2009 09:12 PM
Php Encryption/ Encoding Tlc Programming Discussion 13 04-30-2006 06:28 AM
determine MIME type okok Programming Discussion 0 05-09-2004 02:25 AM
Remotely determine RAM type from Linux? MattF Hosting Security and Technology 3 09-26-2003 04:48 AM

Related posts from TheWhir.com
Title Type Date Posted
Yahoo Works with Google on End-to-End Email Encryption Web Hosting News 2014-08-08 12:30:48
Google Develops End-to-End Encryption Tool for Email Web Hosting News 2014-06-04 13:46:14
New Ponemon Institute Report Explores Cloud Encryption Trends Web Hosting News 2014-05-01 08:22:16
Box Nears Release of Customer-Held Encryption Key Product Web Hosting News 2014-04-02 13:14:44
Documents Show NSA Invested Billions to Break Encryption Blog 2013-09-09 15:27:00


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?