Thursday, October 08, 2015 Login · Register


Remember Me

Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.


    Users Online
  • · Members on IRC: 0   
  • · Total Members: 21,831
  • · Newest Member: ipsled10


        Related Ads



        Top 10 Forum Posters
    Null Set883   


  • iExploit

  • iExploit

  • WeChall



        Related Ads

    View Thread
    Security Override Hacking General Hacking
    [Help]Crack .Net Sofware Authentication
    Register FAQ Members List Today's Posts Search

    Print Thread
    08-08-2014 11:11 PM [Help]Crack .Net Sofware Authentication
    I want to crack a dot net framework software that uses mysql coonection to validate the user.
    First I used wireshark to capture some packets to see what is inside the box:
    1 - The software uses a mysql login request, with user=activation and password=6462xe... (that of course is encrypted) to the host
    2 - After the response is ok it does another query "SHOW VARIABLES" then it gets 12 responses
    3 - After the responses, its does another series of querys, "SHOW COLLATION", "SELECT DATE_FORMAT(expiration....) from ACCOUNTS WHERE EMAIL=XXXX.XXXX"
    4 - The querys continues, I already know a little about mysql, and I know and understand all the queries for this authetication.

    Now the problem is that I dont know how to edit the responses that I received to control this authetication.
    Correct if I am wrong:
    1 - I need to change the target host ip, to my ip localhost.
    2 - I have to emulate all the login response and querys in my localhost.

    At first I tried to use fiddler2 to sniff and edit, but it only gets HTTP requests. Can someone tell me a tool that could help me with this or show me the right way to do ?
    Is my first time cracking.
    08-10-2014 03:13 PM RE: [Help]Crack .Net Sofware Authentication
    Well one problem is that youre using crack(a very ambiguous term in the hacker culture) in a very ambiguous way. You say crack, but we have no idea what your objective is.

    Are you trying to break into the mysql backend? Are you trying to prevent some sort of network check in the software? Bypassing a 30 day trial? Digging out default credentials embeded into the software? what?

    For most of those possibilities, a little background knowledge in reverse engineering is gunna be necessary for you, no tool is gunna be able to do that for you. I can understand having a reason to not give details on the specific software youre working on, but need more context in order to help.
    dmr, September 9, 1941 October 9, 2011

    Never Forget
    Jump to Forum:
    Forum powered by fusionBoard