Challenge: Cracking the Password
It is late at night and it has been a very tough day. You discovered early in the morning that one of your main critical systems was compromised. You found that someone accessed it with a privileged user, using a service or application that requires authentication. You wondered if there was a new 0-day vulnerability, or if someone got the password for this user? It seems the logs gave you the response, because they registered the IP address (an internal machine) from where the connection to the critical system was established. You had time to investigate that internal box, and found a file called "password" containing the following string:
VOhRrmhZvX7lEG9KvuF/6FVA
Questions:
Please, submit your answers to radajo@gmail.com by June 29, 2007. The official answers and the winner (most accurate and elegant answer) will be published by the beggining of July. The winner will receive an autographed copy of Ed Skoudis' "Counter Hack" book (the classic best-seller first edition), also signed by the whole RaDaJo crew.
NOTE: Look in the comments section of this post for tips to solve this challenge. They will be published only if no successful responses are received by June 29, 2007.
VOhRrmhZvX7lEG9KvuF/6FVA
Questions:
- What is the system or application that use this kind of password string and for what purpose?
- What is the format and crypto algorithm(s) used on this password string?
- What is the clear-text password of your critical system? Please, detail the process you followed and the tools you used to obtain the password.
Please, submit your answers to radajo@gmail.com by June 29, 2007. The official answers and the winner (most accurate and elegant answer) will be published by the beggining of July. The winner will receive an autographed copy of Ed Skoudis' "Counter Hack" book (the classic best-seller first edition), also signed by the whole RaDaJo crew.
NOTE: Look in the comments section of this post for tips to solve this challenge. They will be published only if no successful responses are received by June 29, 2007.
Labels: Pentest
posted by Raul Siles at 2:07 AM
3 Comments:
I'm sorry to be a nuisance but there haven't been any hints posted to the comments so should we assume someone's won the contest? I'm interested in finding out a hint, or the answer.
Hi guys,
When are you going to reveal the secret? I can’t make a clue out of the hash!
Greetz,
Stephan
Yes, we've a winner!! That's the main reason why we have not published any hints.
Next week (still "beginning of July" ;)) we'll publish a new Blog post containing the winner details, and the official answer to the challenge.
Thanks for your submissions and interest.
Post a Comment
<< Home