What Type Of File Is This? > Serious Question
Member
Posts: 3,226
Joined: Nov 1 2007
Gold: 93.00
Apr 7 2010 03:25pm
http://www.box.net/shared/v1muoo0vrx

I need to know what type of file this is, or even what encryption was used on it so that I can work with it. I checked the file header against headersig.txt, but nothing came up as recognized.

Looking for serious answers only, the name is irrelevant as far as I can tell. Any help pointing me in the right direction would be greatly appreciated (hint hint), and if you can decrypt the first level of encryption then I will make sure it was worth your time, so long as you at least let me know what you did to get into it.

I have tried shifting bits to some degree, but was doing it manually so I am sure there is a better way.

This post was edited by GodFollower on Apr 7 2010 03:27pm
Member
Posts: 10,812
Joined: Oct 15 2009
Gold: Locked
Warn: 20%
Apr 7 2010 05:19pm
Well obviously it is an un-shadowed *nix passwd file from a school of some kind? The fields represent:

account:password:UID:GID:GECOS:directory:shell

In English that is: ACCOUNT:PASSWORD:USER-ID#:GROUP-ID#:TEXT-INDENT-NAME:USERS-HOME-DIRECTORY:PROGRAM-TO-RUN-ON-SUCCESSFUL-USER-LOGIN

TEXT-INDENT-NAME is a throwback and does not mean much, it is basically just a label.

You'll notice the account vpetrov, C1caldej, C1reynol (and a few others) do not have a password ;) No idea if this is of any value to you.

Also I noticed there are 2 different Group IDs. 530 and 532, both appear to be students.

Furthermore all of the students in group 530 have a 4 digit USER-ID, and the students in group 532 seem to have a 5 digit USER-ID. Maybe group 530 is students who have been in the system much longer, and that some changes were made to the system, then a new group of students was added?

Furthermore there are several different naming conventions for the field TEXT-INDENT-NAME indicating either this has been added by a human being or automatically by the system but with different settings over time.

This post was edited by Azrad on Apr 7 2010 05:22pm
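
An added example, not part of the thread: the seven-field layout described in the post above, read from the administrator's side to find accounts whose password field is empty or still holds a hash in the world-readable file. The sample lines, account names and hash strings are constructed for illustration.

```python
import re

# Constructed sample in passwd layout; accounts and hash strings are made up.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
alice:zzEXAMPLEHASH:1001:530:Alice A:/home/alice:/bin/sh
bob::1002:530:Bob B:/home/bob:/bin/sh
carol:$6$c29tZXNhbHQ$ZmFrZWhhc2g:10003:532:Carol C:/home/carol:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
broken line without enough fields
"""

# Traditional DES crypt(3): 2-character salt + 11-character hash.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
SAFE = {"shadowed", "locked"}

def classify(pw_field):
    """Label the second (password) field of a passwd entry."""
    if pw_field == "":
        return "EMPTY"          # account can log in without a password
    if pw_field == "x":
        return "shadowed"       # hash is kept in /etc/shadow instead
    if pw_field[0] in "*!":
        return "locked"         # no valid hash, password login disabled
    if pw_field.startswith("$"):
        return "EXPOSED-MCF"    # modular-crypt hash readable by every user
    if DES_CRYPT.match(pw_field):
        return "EXPOSED-DES"    # only the first 8 password characters count
    return "unknown"

def audit(text):
    """Return (findings, malformed_line_numbers) for passwd-format text."""
    findings, malformed = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:    # account:password:UID:GID:GECOS:directory:shell
            malformed.append(n)
            continue
        account, pw, uid, gid = fields[:4]
        status = classify(pw)
        if status not in SAFE:
            findings.append((account, uid, gid, status))
    return findings, malformed

if __name__ == "__main__":
    found, bad = audit(SAMPLE)
    for account, uid, gid, status in found:
        print(f"{account:8} uid={uid:6} gid={gid:4} {status}")
    print("malformed lines:", bad)
```

Any `EMPTY` or `EXPOSED-*` finding means the entry should get a password reset and the hashes should be moved into a shadow file readable only by root.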
Member
Posts: 10,812
Joined: Oct 15 2009
Gold: Locked
Warn: 20%
Apr 7 2010 05:51pm
I've cracked these so far with john
C1obrado (C1obrado)
shadow (C1luttre)
dorothy (jwcarter)
ranger (C1rolfes)
superman (C1adair)
christin (C1little)
tigers (C1rapp)
security (C1phan)
bailey (C1dean)
vortex (mmeiners)
ultimate (surendra)
merlin1 (C1harris)
wwwwww (wutao)


edited to add: bowang (zhonggu)

This post was edited by Azrad on Apr 7 2010 05:56pm
Member
Posts: 10,812
Joined: Oct 15 2009
Gold: Locked
Warn: 20%
Apr 7 2010 07:03pm
rhette (c1gonzal)

Anyway I can't continue to dedicate a processor to this. Many of those came from a dictionary attack, and some from 6 digits of brute force. I think I've proven it can be broken. The passwords are just standard DES encrypted. Just download John the Ripper and brute it some more if you feel like getting a few more of them (http://www.google.com/#hl=en&q=john+the+ripper&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=bcdf8cbbf06dc4f). Because of the key-space it is probably unrealistic to get them all. If you don't know how to use it there are some guides I think on the website. Good luck.

Edited to add: Lesson to anyone reading this: Choose long passwords that don't appear in dictionaries! :evil:

This post was edited by Azrad on Apr 7 2010 07:07pm
Member
Posts: 6,902
Joined: Oct 16 2008
Gold: 5.00
Apr 7 2010 10:11pm
Quote (Azrad @ Apr 8 2010 01:03am)
rhette          (c1gonzal)

Anyway I can't continue to dedicate a processor to this. Many of those came from a dictionary attack, and some from 6 digits of brute force. I think I've proven it can be broken. The passwords are just standard DES encrypted. Just download John the Ripper and brute it some more if you feel like getting a few more of them (http://www.google.com/#hl=en&q=john+the+ripper&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=bcdf8cbbf06dc4f). Because of the key-space it is probably unrealistic to get them all. If you don't know how to use it there are some guides I think on the website. Good luck.

Edited to add: Lesson to anyone reading this: Choose long passwords that don't appear in dictionaries!  :evil:


The reason being for no passwords that do not appear in dictionaries is because these programs check English dictionaries first. It's already programmed with every word. Am I right? :unsure:

This post was edited by Hostage432 on Apr 7 2010 10:11pm
Member
Posts: 10,812
Joined: Oct 15 2009
Gold: Locked
Warn: 20%
Apr 7 2010 10:19pm
Quote (Hostage432 @ Apr 7 2010 09:11pm)
The reason being for no passwords that do not appear in dictionaries is because these programs check English dictionaries first. It's already programmed with every word. Am I right?  :unsure:


Yep, you can test several 10s of thousands to hundreds of thousands of passwords a second, so checking the entire dictionary takes only a few seconds at most.
Member
Posts: 3,226
Joined: Nov 1 2007
Gold: 93.00
Apr 7 2010 10:21pm
Alright thanks. I did not need the passwords cracked, sorry you spent your time on that. I just needed the file type identified. I am not at all familiar with *nix systems, so to me the file looked like an encrypted Windows file of some sort, using a hex editor. Figured the encryption program just created a hex header that was full of garbage.

Thanks for the info!

-E- I also use John and Cain for a lot of this stuff, unless it is a Windows hash, then I use Ophcrack. I have Passware Recovery Kit Enterprise for documents, etc.

Do you do a lot of Forensics or recovery work?

This post was edited by GodFollower on Apr 7 2010 10:25pm
Member
Posts: 6,902
Joined: Oct 16 2008
Gold: 5.00
Apr 7 2010 10:22pm
Quote (GodFollower @ Apr 8 2010 04:21am)
Alright thanks. I did not need the passwords cracked, sorry you spent your time on that. I just needed the file type identified. I am not at all familiar with *nix systems, so to me the file looked like an encrypted Windows file of some sort, using a hex editor. Figured the encryption program just created a hex header that was full of garbage.

Thanks for the info!


Azrad knows what he is talking about. Plus, when it comes to computers and stuff like this, he tends to go overboard. Lol. But, good job Azrad.
Member
Posts: 10,812
Joined: Oct 15 2009
Gold: Locked
Warn: 20%
Apr 7 2010 11:23pm
Quote (GodFollower @ Apr 7 2010 09:21pm)
Do you do a lot of Forensics or recovery work?


Uh no. Encryption/security just happens to be a "hobby" of mine.

This post was edited by Azrad on Apr 7 2010 11:23pm