| | Joined: Jul 2006 Posts: 12 Junior Member | | Junior Member Joined: Jul 2006 Posts: 12 | I have recently discoverd a registry value created by AOL's Instant Messenger. The path is: HKEY_CURRENT_USER\Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users\**Your screen name here**\Login\password1 The value of this key is a password hash. The hash is only there if the 'remember password' box has been checked the last time you logged on to that screenname on your computer. I've also noticed that the value only changes if you successfully log in with that password. I have created an AIM account and changed the password again and again to compare the hashes. I got this: LINK (Please note that AIM passwords can be only 4-16 digits, and contain only a-z, A-Z, and 0-9. Special characters are not allowed (!&#*%^@)) I would like to try to figure out how to decrypt the hashes, but that seems awfully difficult. Does anyone know of a program to decrypt the aim hashes? Or a program where it compares the hash and the password to make a key? In the meantime I will be working on trying to find a pattern in the hashes. If we find out how to decrypt these hashes it means that all that is needed to find a password is to have it saved on the remote computer. (Which is mostly everyone). Thanks in advance for any help you guys  
I don't hack. I simply test security, free of charge. www.slyce.tk/ | | | |
▼ Sponsored Links ▼
▲ Sponsored Links ▲
| | | | Joined: Feb 2002 Posts: 7,203 Likes: 11 Community Owner | | Community Owner Joined: Feb 2002 Posts: 7,203 Likes: 11 | Your URL does not work, page times out. | | | | | Joined: Feb 2002 Posts: 7,203 Likes: 11 Community Owner | | Community Owner Joined: Feb 2002 Posts: 7,203 Likes: 11 | According to a thread I found through Google it would seem that it is a DES hash...
tonikgin
Feb 19 2004, 06:11 AM
C:\Stuff\john-16\run>john password.txt
Loaded 1 password (NT LM DES [24/32 4K])
I'm sorry, what were you saying about me beign wrong?
contents of password.txt:
root:FB842CFC6FCE70F9AAD3B435B51404EE
the hash is indeed DES encrypted.
| | | | | Joined: Jul 2006 Posts: 12 Junior Member | | Junior Member Joined: Jul 2006 Posts: 12 | The hashes I linked to before are as follows: dLhzN0VCANTTP4DEZj3F5XS4czdFQgDU0z+AxGY9xeU= | aaaa TBibAgzrAi4OzEJIKALiuEwYmwIM6wIuDsxCSCgC4rg= | aaab OWOiumWsjrHG4hQEYAMZJTljorplrI6xxuIUBGADGSU= | aaac ZbqEHgHW23cz6Qpbf55vgGW6hB4B1tt3M+kKW3+eb4A= | bbbb efEtD+8rgKUgUKwuFy1Yp3nxLQ/vK4ClIFCsLhctWKc= | bbba wYjv2JAjWmfavB0p3gxZcMGI79iQI1pn2rwdKd4MWXA= | bbbc Qfy6CfK9zfMVukEZ3Hl43UH8ugnyvc3zFbpBGdx5eN0= | cccc hpEegd3FiSj/104QnbMaDIaRHoHdxYko/9dOEJ2zGgw= | ccca 01yI7rc97lOYVRzLE2oIOdNciO63Pe5TmFUcyxNqCDk= | cccb I found a .doc called "Guide To AIM" and it said in there that passwords where stored in a different hash in the system files, but I can't find it. The hash in theh quote that you gave Gizmo is like the one that's in the guide. The hashes in the registry are different. I found a program to decrypt the hashes that aren't stored in the registry, HERE The only problem is that I can't find where those hashes are stored. Again, I was told that these hashes are stored in the system files: HardDisk/SystemFolder/Preferences/AOLInstantMessenger�/Users/'ScreenName'/ But I can't find them. John the ripper doesn't work on the registry hashes either, it doesn't reconize them, but it does reconize the system hashes. Help with decrypting the registry hashes or help with finding the DES hashes location would be most aprecciated. Thanks
I don't hack. I simply test security, free of charge. www.slyce.tk/ | | | | | Joined: Feb 2002 Posts: 7,203 Likes: 11 Community Owner | | Community Owner Joined: Feb 2002 Posts: 7,203 Likes: 11 | They used to save the hashes in plain files on the disk, they got wise to people cracking them and started encrypting them.
When I first looked at it I thought they where MD5ed heh | | | | | Joined: Jul 2006 Posts: 12 Junior Member | | Junior Member Joined: Jul 2006 Posts: 12 | Ok, thanks. So I'm too late I take it? The only hashes stored are in the registry? Darn. I found a program that sounds like it cracks the registry hashes. The only problem is that it's open source, and I have no idea how to compile it. LINK Thanks for your help Mate
I don't hack. I simply test security, free of charge. www.slyce.tk/ | | | | | Joined: Feb 2002 Posts: 7,203 Likes: 11 Community Owner | | Community Owner Joined: Feb 2002 Posts: 7,203 Likes: 11 | "open source" doens't mean you have to compile anything, when they don't supply a compiled version is when you have to compile  .. and anything can be "hacked" its just a matter of figuring it out... keep in mind that as soon as you tell someone how to crack things you've taken the first step to seeing it repaired... | | | | | Joined: Jul 2006 Posts: 12 Junior Member | | Junior Member Joined: Jul 2006 Posts: 12 | Ok, so any idea on how to get that program to run? Because I'm lost. >_< keep in mind that as soon as you tell someone how to crack things you've taken the first step to seeing it repaired... And true that mate, that's mostly the reason that they are up to aim v5.9 right now.
I don't hack. I simply test security, free of charge. www.slyce.tk/ | | | | | Joined: Feb 2002 Posts: 7,203 Likes: 11 Community Owner | | Community Owner Joined: Feb 2002 Posts: 7,203 Likes: 11 | What program? I don't recall telling you to use any program... | | | | | Joined: Jul 2006 Posts: 12 Junior Member | | Junior Member Joined: Jul 2006 Posts: 12 |
I don't hack. I simply test security, free of charge. www.slyce.tk/ | | | | | Joined: Jun 2003 Posts: 807 Likes: 2 UGN Super Poster | | UGN Super Poster Joined: Jun 2003 Posts: 807 Likes: 2 | Those hashes look a bit like base64. | | | | | Joined: Feb 2002 Posts: 7,203 Likes: 11 Community Owner | | Community Owner Joined: Feb 2002 Posts: 7,203 Likes: 11 | I thought so too, but they're not, trust me, i've run it through base64_decode and nothing... I'm relatively certain that they're des | | | | | Joined: Jul 2006 Posts: 12 Junior Member | | Junior Member Joined: Jul 2006 Posts: 12 | I have also tried base64, all I got was a bunch of symbols. I've found a program that converts the hashes into MD5 hashes, and a website that decrypts MD5 hashes. This works, it gives me the correct password. The only problem is that the site only lets you decrypt a certain length of characters. The site is in german, but can be translated. SITE The text at the top translates to: MD5-Decrypter for:
- up to codes with four digits of A-z/ 0-9 (1.727.604)
- up to codes with six digits of 0-9 (1.111.110)
- frequently used passwords (720.139) This was a problem. I spent a few hours online and found a program that decrypts MD5 hashes, as well as a hell of a lot more hashes. It's called "Cain & Abel". Incase you're intrested, the site is HERE . This works! Thanks for your help guys.
I don't hack. I simply test security, free of charge. www.slyce.tk/ | | | | | Joined: Jun 2003 Posts: 807 Likes: 2 UGN Super Poster | | UGN Super Poster Joined: Jun 2003 Posts: 807 Likes: 2 | Everyone knows about Cain & Abel.
Though, when dealing with MD5, you're not decrypting. You're brute forcing the hash, considering it's a 1 way algorithm.
And, with regard to base64, the symbols aren't necessarily the password, but rather, the way the password is stored. The values represented to the program by the symbols may in fact be the password.
The reason I say that, is because, it is base64.
Use Cain & Abel to decode the base64, copy the hex values for that reversed string, split it in half (32 characters: an md5 hash), and you have an MD5 hash for the password.
I figured this out with your password list, and it worked. | | | | | Joined: Feb 2002 Posts: 7,203 Likes: 11 Community Owner | | Community Owner Joined: Feb 2002 Posts: 7,203 Likes: 11 | see, now this is why you salt your md5 hashes  | | | | | Joined: Jul 2006 Posts: 12 Junior Member | | Junior Member Joined: Jul 2006 Posts: 12 | Ok, I think I get it now, thanks Ghost, this works great!
I don't hack. I simply test security, free of charge. www.slyce.tk/ | | | | | Joined: Oct 2002 Posts: 955 UGN Super Poster | | UGN Super Poster Joined: Oct 2002 Posts: 955 | Nicely done  | | | | | Joined: Feb 2002 Posts: 7,203 Likes: 11 Community Owner | | Community Owner Joined: Feb 2002 Posts: 7,203 Likes: 11 | Originally posted by jonconley: Nicely done Spammer | | |
| Forums41 Topics33,840 Posts68,858 Members2,176 | | Most Online3,253
Jan 13th, 2020 | | |
|
