Meeting Maker 7x / 8x
User Password Recovery
First get comfortable with reading binary data.
Second, open up a Meeting Maker Server Export in said binary
file viewer.
Third, figure out how to turn all this gobbledygook into
something semi-useful (as we have done below), but barring that, search for
your USER NAME or USER LOGIN, in the example below we use “Adam Ant” with User
Login “adam”
Adam’s password is encrypted in the line beginning with
“OVNI 0103” (which will ALWAYS immediately follow his USER LOGIN)
The first digit “1” tells me the password is 1-byte
long. In this example I know his
password is “b” but it is encrypted in the export file as “c”
You should start to suspect a pattern.
If the clear password is “aa” (61 61h) the hex string is “63
8C”
The pattern holds.
The first encrypted character = character + LENGTH of password
Now we proceed to the next digits in turn and build a table (a, aa, aaa, aaaa, b, bb, bbb...) you get the idea) which we will leave as an exercise for the reader.
Going down the column is less clear than going across the
rows. Going from “a” to “b” everything
augments by one (and this has held across a range of experimentation), meaning
we can in a pinch use each “a” length cipher as a base to figure out anything
of that length.
So the algorithm:
1.
Find a user
2.
Read the password length
3.
Subtract length from the first digit to get the
hex of the first character
4.
Use the “a” column in your table as an
offset for all the other letters in the password sequence.
5.
Do not ask for any more information you script
kiddies in India – this is more than adequate.
So the 7 digit string “7B 96 BA E9 04 38 26” deciphers as
“theman5”
7 letter “50 A4 B6 EA 04 FD 24” deciphers as “Ivana33”
5 letter “70 8F D0 E1 14” is “kayak”
Go wild.
No comments:
Post a Comment