|
TheBrute (OP)
|
 |
March 09, 2016, 12:18:18 PM
Last edit: March 11, 2016, 09:10:26 AM by TheBrute |
|
|
|
|
|
|
rollin-sat
Newbie
 Offline
Activity: 18
Merit: 0
|
|
March 09, 2016, 12:19:58 PM |
|
it's safe open these links?!  |
|
|
|
|
|
TheBrute (OP)
|
|
March 09, 2016, 12:20:44 PM |
|
it's safe open these links?! you can't open that links ! it's from my local ISp's address |
|
|
|
|
minifrij
Legendary
Offline
Activity: 2324
Merit: 1267
In Memory of Zepher
|
|
March 09, 2016, 02:55:19 PM |
|
The strings look somewhat similar to something encrypted, perhaps using PHP's mcrypt library with a 16 bit key. If this is the case, the chances of you decrypting these messages is very small, due to you having to find the key. Due to the length of this key (16 bits), the chances of you brute-forcing this key is very low/impossible. |
|
|
|
|
|
TheBrute (OP)
|
|
March 09, 2016, 07:10:19 PM |
|
The strings look somewhat similar to something encrypted, perhaps using PHP's mcrypt library with a 16 bit key. If this is the case, the chances of you decrypting these messages is very small, due to you having to find the key. Due to the length of this key (16 bits), the chances of you brute-forcing this key is very low/impossible. i can provide you Source code of Site & all Javascripts maybe that can be useful? and they are very shitty coder's i think it's some simple url encoding encryption base64 & some others but i'm noob  ! |
|
|
|
|
minifrij
Legendary
Offline
Activity: 2324
Merit: 1267
In Memory of Zepher
|
|
March 09, 2016, 07:22:47 PM |
|
i can provide you Source code of Site & all Javascripts maybe that can be useful?
It's likely just going to be in the PHP files of the site; I doubt Javascript is used any of this. I could try to have a look, though I am no expert on hashing and encryption. and they are very shitty coder's i think it's some simple url encoding encryption base64 & some others but i'm noob ! Base64 is used to allow the encrypted message to be output as a string. It's needed if using the mcrypt library. |
|
|
|
|
|
lucasjkr
|
|
March 10, 2016, 04:42:30 PM |
|
It's encrypted. No way for any of us to know - the urls referenced could indeed be decoded to valid URL's, or they could decode to ID's or keys for the server to look up from its database. So, unless the developer sucks, we really oughtn't be able to find out.
Maybe you could visit a couple, so that we can see what the decoded text is, and try to determine if it's something thats' encoded or being looked up.
|
|
|
|
|
JustDie
Full Member
Offline
Activity: 224
Merit: 100
★Bitvest.io★ Play Plinko or Invest!
|
|
March 10, 2016, 06:18:32 PM |
|
you can't open that links ! it's from my local ISp's address
we got this they could decode to ID's or keys for the server to look up from its database.
@OP if you want to know it just hack your ISP database  |
|
|
|
JustDie
Full Member
Offline
Activity: 224
Merit: 100
★Bitvest.io★ Play Plinko or Invest!
|
|
March 10, 2016, 06:24:58 PM |
|
i can provide you Source code of Site & all Javascripts maybe that can be useful?
It's likely just going to be in the PHP files of the site; I doubt Javascript is used any of this. I could try to have a look, though I am no expert on hashing and encryption. and they are very shitty coder's i think it's some simple url encoding encryption base64 & some others but i'm noob ! Base64 is used to allow the encrypted message to be output as a string. It's needed if using the mcrypt library. IMO Its not going to be in the php files. also i cant hashing it with any hash i know |
|
|
|
minifrij
Legendary
Offline
Activity: 2324
Merit: 1267
In Memory of Zepher
|
|
March 10, 2016, 06:42:17 PM |
|
IMO Its not going to be in the php files.
Why wouldn't it be? If it's encrypted using PHP mcrypt_decrypt() could be used, and if it's in the database a query could be created to fetch the string back. |
|
|
|
|
|
TheBrute (OP)
|
|
March 11, 2016, 09:02:25 AM |
|
IMO Its not going to be in the php files.
Why wouldn't it be? If it's encrypted using PHP mcrypt_decrypt() could be used, and if it's in the database a query could be created to fetch the string back. i have uploaded a php shell their on one server which use same software so i can access their File Manager i can provide you all files from www/html folders ! |
|
|
|
|
|
TheBrute (OP)
|
|
March 11, 2016, 09:10:13 AM |
|
Price updated to 5$ and you can use my PC with TeamViewer too if needed !  |
|
|
|
|
|
TheBrute (OP)
|
|
March 11, 2016, 10:22:29 AM |
|
menu_id=86&getuserid=950 This is encoded in this aGlVVXhraFlUQkdzbHpvSnVXUUVqMXhtRjdGcGI1VXdIaHFRSDNTajlnRT0= |
|
|
|
|
adaryian
Sr. Member
Offline
Activity: 392
Merit: 250
★ BitClave pre-ICO: 25/07/17 ★
|
|
March 11, 2016, 10:32:35 AM |
|
menu_id=86&getuserid=950 This is encoded in this aGlVVXhraFlUQkdzbHpvSnVXUUVqMXhtRjdGcGI1VXdIaHFRSDNTajlnRT0= Well, here's my two cents on the subject. It looks like part of this link "getuserid=950" would probably link to a MySQL database, and is definitely hashed and probably salted. This is an internal IP address, so I will assume you're using this for testing purposes, in which case, maybe you could look here for some guidance. https://www.exploit-db.com/docs/Cracking_Salted_Hashes.pdfGood luck! |
|
|
|
|
|
,'+██':
,█████████████;
.██████████████████
.████████████████████
█ .███; ,███████.
██ .█+ '█████'
`███ .█+ ,;'': █████+
████ .█+ ███████████, ,████+
█████ .████████████████, ████,
██████ .██████████████████ `████
;██████ .█████` '██████ .█████
████ ██ .███ :████████████.
+███ ██ .█. `.. ████████████
████ ██ . .███████' ███████████`
,███ ██ ███████████ ███████████
████ ██ █████████████` `██████████
███; ███ ███████████████ ██████████`
███ ███ .████████████████ `█████████'
,███ ███ █████████████████ ██████████
'███ ,███ █████████████████: ██████████
+███ ;███ `██████████████████ ██████████
████ '███ .██████████████████ +█████████
████ '███ .██████████████████ +█████████
'███ :███ █████████████████' ██████████
:███ ███ █████████████████ ██████████
███ ███' '████████████████ ██████████
███, ████ ███████████████` ██████████,
████ ,███: `█████████████+ ██████████
;███ ████ `███████████+ ███████████
███' .████ █████████` +██████████;
████ █████ :███' +███████████
████ █████` ████████████+
████, ██████` +█████. +█████
████ █████████++████████` ████.
.████ ;████████████████ █████
'████` +████████████ █████
+████+ `'█████+. .█████
+█████. ██████
,██████; .███████
█████████':,:;█████████.
,███████████████████+
.███████████████;
`'████████,
| |
|
|
|
|
TheBrute (OP)
|
|
March 11, 2016, 03:36:48 PM |
|
menu_id=86&getuserid=950 This is encoded in this aGlVVXhraFlUQkdzbHpvSnVXUUVqMXhtRjdGcGI1VXdIaHFRSDNTajlnRT0= Well, here's my two cents on the subject. It looks like part of this link "getuserid=950" would probably link to a MySQL database, and is definitely hashed and probably salted. This is an internal IP address, so I will assume you're using this for testing purposes, in which case, maybe you could look here for some guidance. https://www.exploit-db.com/docs/Cracking_Salted_Hashes.pdfGood luck! No i'm not doing this for learning ! and i'm not onto web programming etc. i still need this anyone can do it ? |
|
|
|
|
minifrij
Legendary
Offline
Activity: 2324
Merit: 1267
In Memory of Zepher
|
|
March 11, 2016, 04:35:22 PM |
|
No i'm not doing this for learning !
and i'm not onto web programming etc.
i still need this anyone can do it ?
I can try to give it a look if you can provide the Source code. |
|
|
|
|
|
