Does anyone know what this encoding format for passwords is? I think it is a decimal array but I can’t seem to convert it

During a penetration test, I ran across a server that was storing passwords in its database in what seems to be a binary array of sorts:

    password_table
    1,10,11,21,21,11,21,13,00,00,00,000
    11,61,19,11,46,108,09,100
    110,118,100,107,108,117,123,62,108,108,62,62

(slightly edited for confidentiality)

The server in question is a Tomcat server and the application is running a Java program. I considered that this might be an array of sorts but I can’t seem to convert these arrays into anything readable or usable. Does anyone have any ideas?

Format for data & symmetric key exchange/storage

Is there a standard format for storing/exchanging encrypted data along with the key needed to decrypt it (data is encrypted with a single use symmetric key and the symmetric key itself is encrypted with asymmetric key for the receiver)?

We are trying to build an interoperable protocol to exchange large messages between two parties that may not agree on much else besides using asymmetric keys. The best way seems to be using a symmetric single use key to encrypt the data and then encrypt it with the asymmetric key and pass along the whole thing as a package (e.g. RSA wrapped AES). So is there any widely used standard for sharing the encrypted text along with its key, preferably along with some information about the symmetric algorithm used?

The only work that I found in that direction is OpenPGP which is somewhat too implementation specific. I was wondering if there is anything else that has more metadata along with it to describe the algos and the keys.

Difficulty importing GeoTiff format

I downloaded Earth data from here. It is a GeoTiff file, which is a map of solar radiation falling on earth.


Mathematica claims to import GeoTiff files. However, when I import,

    SetDirectory[NotebookDirectory[]]
    files = FileNames["*", "./diffuse/"][[1]]
    diffuse = Import[files, {"GeoTIFF", "Image"}]

The output is an error:

    LinkObject::linkd: Unable to communicate with closed link LinkObject['/Applications/Mathematica.app/Contents/SystemFiles/Converters/Binaries/MacOSX-x86-64/GDAL.exe',6300,8].
    Import::fmterr: Cannot import data as GeoTIFF format.

I can get the file to open using other GeoTiff programs such as QGIS. So it does seem to be a Mathematica issue. Any ideas? It is an error which I have not encountered before.

“john --format=md5” caused “Unknown ciphertext format name requested” error

  • This is known md5 hash for Kioptrix: Level 1.1 (#2)

Linux unshadow file

    wolf@linux:~$ cat md5hash.txt
    root:$1$FTpMLT88$VdzDQTTcksukSKMLRSVlc.:0:0:root:/root:/bin/bash
    john:$1$wk7kHI5I$2kNTw6ncQQCecJ.5b8xTL1:500:500::/home/john:/bin/bash
    harold:$1$7d.sVxgm$3MYWsHDv0F/LP.mjL9lp/1:501:501::/home/harold:/bin/bash
    wolf@linux:~$

md5hash only

    wolf@linux:~$ cat md5hash_only.txt
    $1$FTpMLT88$VdzDQTTcksukSKMLRSVlc.
    $1$wk7kHI5I$2kNTw6ncQQCecJ.5b8xTL1
    $1$7d.sVxgm$3MYWsHDv0F/LP.mjL9lp/1
    wolf@linux:~$

Since I know that these are md5 format, I used --format=md5 option in john.

Unfortunately, I’m getting Unknown ciphertext format name requested error.

    wolf@linux:~$ john --format=md5 md5hash.txt
    Unknown ciphertext format name requested
    wolf@linux:~$
    wolf@linux:~$ john --format=md5 md5hash_only.txt
    Unknown ciphertext format name requested
    wolf@linux:~$

I’ve verified that the format is similar to the one in the pentestmonkey cheat sheet.

Any idea what’s wrong here?
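
An added example, not part of the original post: the `$1$` prefix in the entries above marks md5crypt, the salted and iterated crypt(3) scheme, which is a different thing from a raw MD5 digest. The script below names each entry's scheme from its prefix and lists accounts still on weak schemes; the sample entries are constructed, with placeholder hash bodies.

```shell
#!/bin/sh
# Constructed sample input in unshadowed passwd layout (placeholder hashes).
sample_unshadow() {
  cat <<'EOF'
root:$1$AAAAAAAA$BBBBBBBBBBBBBBBBBBBBBB:0:0:root:/root:/bin/bash
alice:$6$CCCCCCCC$DDDDDDDDDDDDDDDD:1000:1000::/home/alice:/bin/bash
bob:$2b$12$EEEEEEEEEEEEEEEEEEEEEE:1001:1001::/home/bob:/bin/bash
old:AAAAAAAAAAAAA:1002:1002::/home/old:/bin/sh
svc:!:1003:1003::/home/svc:/usr/sbin/nologin
EOF
}

# Read passwd-style lines on stdin and print "user:scheme" for each one,
# using the modular-crypt prefix of the second field.
classify_hashes() {
  awk -F: '{
    h = $2
    if      (h == "")                  s = "empty"
    else if (h ~ /^[!*]/ || h == "x")  s = "locked-or-shadowed"
    else if (h ~ /^\$1\$/)             s = "md5crypt"
    else if (h ~ /^\$2[abxy]?\$/)      s = "bcrypt"
    else if (h ~ /^\$5\$/)             s = "sha256crypt"
    else if (h ~ /^\$6\$/)             s = "sha512crypt"
    else if (h ~ /^\$y\$/)             s = "yescrypt"
    else if (length(h) == 13)          s = "descrypt"   # traditional DES crypt
    else                               s = "unknown"
    print $1 ":" s
  }'
}

# Print the accounts whose hashes use schemes that should be migrated.
weak_accounts() {
  classify_hashes | awk -F: '$2 == "md5crypt" || $2 == "descrypt" { print $1 }'
}

sample_unshadow | classify_hashes
echo "weak: $(sample_unshadow | weak_accounts | tr '\n' ' ')"
```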

How to send a string format exploit through socket

I’m doing a CTF exercise here:

https://c-wars.acnr.se/download/level2.tgz

There is a docker with the vulnerable service, from which I need to find the value of a variable. I was able to do it with the following input:

    == Login Service 1.0 ==
    Username: %7$s
    Password: a
    Welcome: ACNR{_SERVICE_FLAG_}

My issue now is that the submission needs to call a function that is going to send this string through a socket, so I guess I need to escape it. I have tried %7$ s, but it didn’t work.

Submission format can be found at https://c-wars.acnr.se/download/MANUAL.pdf

    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <string.h>
    #include <stdint.h>
    #include "gamelib.h"

    uint32_t main(uint32_t argc, uint8_t ** argv)
    {
        svc_init();
        svc_set(10000);
        svc_writeln("gimme flag");
        svc_readuntil('}');
        return 0;
    }

Industry secure file format like .OFX Open Financial Exchange File [closed]

The .OFX Open Financial Exchange File is a file format created for financial data exchanges between financial institutions.

I was wondering if in the IT security realm, such a file format exists.

My goal would be to use and customize it so that my backend API entry points (that is another story, don’t worry about that)

How to Export MS SQL DB from Docker-Linux to Access format

I have a MS SQL database which is currently up and running on my Mac within a Docker container that is hosting the Ubuntu Linux version of MS SQL Server. I need to export the database to a format that can be imported into an Access (yes, Access) database.

Alternatively, I would need to export all 300+ tables to CSV, and hopefully would not need to do them one by one. Is there any way to export all tables en masse to CSV? But this is an alternative option. I still prefer the Access-compatible export since our new SIS vendor apparently uses it. Thanks!

Convert private SSL certificate to PKCS12 format for JKS Keystore [migrated]

I got the following files from company certificate provider.

    jenkins.int.XX.com.key
    XX_Inc_Private_Root_CA.base64.cer
    XX_Inc_Private_Root_CA.crt
    XX_Inc_Private_SSL_CA.509.cer
    XX_Inc_Private_SSL_CA.509.pem

Here are the two commands I ran to convert:

    openssl pkcs12 -export -out jenkins_keystore.p12 -passout 'pass:changeit' -inkey jenkins.int.xx.com.key -in XX_Inc_Private_Root_CA.base64.cer
    error message: No certificate matches private key

    openssl pkcs12 -export -out jenkins_keystore.p12 -passout 'pass:changeit' -inkey jenkins.int.xx.com.key -in XX_Inc_Private_SSL_CA.509.cer
    error message: unable to load certificates

What is the right way to do it?
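
An added example, not part of the original post: `openssl pkcs12 -export` needs the `-in` file to hold the certificate issued for the private key, with CA certificates supplied separately through `-certfile`. The script builds a throwaway CA and server certificate (all names and files are constructed), checks that a certificate carries the key's public key, and only then exports.

```shell
#!/bin/sh
# Build a throwaway CA and a server (leaf) certificate signed by it in dir $1.
make_demo_pki() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Private CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=jenkins.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
}

# Succeed only if certificate $1 carries the public key of private key $2.
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# Export key + matching leaf certificate + CA chain into a PKCS#12 file.
# Arguments: private-key leaf-cert chain-file output-file
export_p12() {
  cert_matches_key "$2" "$1" || {
    echo "certificate $2 does not match key $1" >&2
    return 1
  }
  openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
    -name jenkins -passout pass:changeit -out "$4"
}

work=$(mktemp -d)
make_demo_pki "$work"
# A CA certificate never matches the server's key, which is the first error above.
cert_matches_key "$work/ca.crt" "$work/server.key" || echo "CA cert: no match"
export_p12 "$work/server.key" "$work/server.crt" "$work/ca.crt" \
  "$work/keystore.p12" && echo "wrote $work/keystore.p12"
```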