i want to ask... menu
Follow us:

Shout-Out

User Tag List

Results 1 to 4 of 4
  1. 03-17-2011 #1
    karapidiola's Avatar
    karapidiola
    karapidiola is offline
    Active Member
    Reputation
    51
    Join Date
    Mar 2008
    Posts
    166
    Thanks G/R
    1/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    i want to ask...

    so i want to ask something...
    lets say i login to a server the server i think sends me back the
    password hash of this account in s array(salted) encrypted again 32 bytes not 20 as the sha1(usernameassword) so its posible to extract this sha1 hash or its one way encryption?
    Reply With Quote Reply With Quote
    i want to ask...
  2. 03-17-2011 #2
    Dr. Doom's Avatar
    Dr. Doom
    Dr. Doom is offline
    Elite User
    Reputation
    400
    Join Date
    Jan 2008
    Posts
    1,722
    Thanks G/R
    4/7
    Trade Feedback
    1 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't know much about this stuff, but from what I remember when running my own private server a while back, the login info was posted into a SQL type spreadsheet. That was when they first signed up for the server tho. Just throwing in something that sounds familiar, but from my experience it's not easy to extract encrypted information, i've heard of sha1 in the past.
    Reply With Quote Reply With Quote
  3. 03-17-2011 #3
    karapidiola's Avatar
    karapidiola
    karapidiola is offline
    Active Member
    Reputation
    51
    Join Date
    Mar 2008
    Posts
    166
    Thanks G/R
    1/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i know the password its stored in databases as sha1(username.':'.password); its 20 bytes long key its not this the problem
    what i want to achive its to dump this hash from the s array that server send us back after we send the AuthLogonChallenge packet(the packet with the username,version info etc)


    for exmaple this is 2 diferent request(with diferent names)

    ruben@touge:~/python$ ./wow_proto.py
    AUTH_LOGON_CHALLENGE with error :0x0
    SRP B :3f4dd842e7812cf7b9692391a0c6380393cbe822aaa129dcaba28f90c2b0c44a 32 bytes
    SRP g :07 1 bytes
    SRP N :b79b3e2a87823cab8f5ebfbf8eb10108535006298b5badbd5b53e1895e644b89 32 bytes
    SRP s :fda2ce04def21934e81ddc8dcb3a6c7481564ec9205dc049ed051ac0528f21f2 32 bytes
    unk :3b19881dd91c85b617fb5dc2d0ab55d2 16 bytes
    ------------------------------------------------------------------------------
    ruben@touge:~/python$ nano wow_proto.py
    ruben@touge:~/python$ ./wow_proto.py
    AUTH_LOGON_CHALLENGE with error :0x0
    SRP B :35b1b1fa1a7d7dc3bd9a0b1d1a65a96956ae60143af155b049e6404c5cd3141f 32 bytes
    SRP g :07 1 bytes
    SRP N :b79b3e2a87823cab8f5ebfbf8eb10108535006298b5badbd5b53e1895e644b89 32 bytes
    SRP s :fda2ce04def21934e81ddc8dcb3a6c7481564ec9205dc049ed051ac0528f21f2 32 bytes
    unk :41c4fccaafb23b949ec5a725f779c997 16 bytes
    ------------------------------------------------------------------------------
    the s array change when i change the username
    Last edited by karapidiola; 03-17-2011 at 08:11 PM.
    Reply With Quote Reply With Quote
  4. 03-18-2011 #4
    karapidiola's Avatar
    karapidiola
    karapidiola is offline
    Active Member
    Reputation
    51
    Join Date
    Mar 2008
    Posts
    166
    Thanks G/R
    1/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i found that function _SetVSFields(const std::string& rI) in AuthSocket.cpp in mangos source makes the s so they way it does its one way encryption and then
    joined to the packet:
    pkt.append(s.AsByteArray(), s.GetNumBytes()); <-- here
    so i think by using SetVSFields(sha1(USERNAME.':'.PASSWORD)) u can bruteforce the S

    ---------- Post added at 10:21 AM ---------- Previous post was at 09:19 AM ----------

    i think im totaly wrong so this cant be
    Last edited by karapidiola; 03-18-2011 at 09:36 AM.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. couple of RAF questions i want to ask
    By lavahlight in forum World of Warcraft General
    Replies: 2
    Last Post: 09-15-2013, 10:16 PM
  2. [Selling] Want to know how to sell, and what to ask for my account.
    By not4addict in forum World of Warcraft Buy Sell Trade
    Replies: 2
    Last Post: 02-21-2011, 06:35 AM
  3. I found this but not sure work i want first to ask
    By mr.freaky in forum World of Warcraft General
    Replies: 3
    Last Post: 06-08-2009, 04:08 PM
  4. asking a question want help =p
    By come2fight in forum World of Warcraft Emulator Servers
    Replies: 13
    Last Post: 09-27-2007, 09:18 PM
All times are GMT -5. The time now is 10:37 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2025 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Google Authenticator verification provided by Two-Factor Authentication (Free) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search