Main Menu

Daily using/supporting

Get Firefox browser!
Get Thunderbird!
Get Opera browser!
Get The Gimp!
Get Inkscape!
Get LibreOffice!
Get Videolan!
Get Linux!
Get Mandriva!
Get Joomla!
Hacker Emblem

Popular Tags

Archives

Which topics would you like us to cover more?

Latest comments

Latest tweets

about 1 day ago Using REDIPS.drag to add drag and drop to your .Net webapplication #li #dib0 http://t.co/n8zY3s7d
about 7 days ago http://t.co/cknQcDbo #Kindle
about 15 days ago Freedom isn't the ability to choose what to do or say, but the ability to choose what not to do or say #freedom
about 29 days ago http://t.co/61KTQknI #Kindle
12 Apr 2012 Force the use of a networking adapter using C# #li #dib0 http://t.co/ZTJOPzOz
9 Apr 2012 http://t.co/k9yliR2t #Kindle
9 Apr 2012 Mandriva 2010.2 and USB devices in Virtualbox http://t.co/fwq9gbHB
9 Apr 2012 Execute a http request to you own site with PHP http://t.co/DIvWPrpd
Twitter
Prev Next
Home Architecture, security and coding Nostalgia: my first password cracker
Nostalgia: my first password cracker
Written by Division by Zero   
Friday, 21 May 2010 01:00

HackersIt was back in 1996. After playing around with the high-school network, a friend and I found software to administer students and grades. It was called Leraren agenda 8.1 (Dutch name). After bringing some floppies to school, it was time to experiment with it at home. After looking at all the files, it wasn't clear where the configuration was stored. I couldn't open the software, because it required a password.

Oh well... I started testing individual files. Move one to another directory and start the software again to see what's happening. And there it was. After moving the "LA.INS" the software told me it was a new installation and asked if I wanted to set an admin password. I did. After copying the settings file I changed the password. And there it was... The file ended with a block of ASCII 0x01 characters and just before that there was a difference in both files.

The password was stored encrypted. Luckily I had the original password. The length was the same (good thing for me!). The difference between each encrypted character and the original was 128. After some more experiments it turned out that the character before the encrypted password told the software the length of the password. Of course caesar encryption isn't strong enough to fool curious 15-year old boys, but back than nobody thought of that.

After writing the password cracker (Turbo Pascal was the language for me back then) it was easy to retrieve the password used at school. The next step was to write a program to change the grades, although it worked fine, I never used that one on the school network.

A few years later I lost the source code, because my hard-drive crashed. Unfortunate! I still got the compiled version, though.

Tags:

Related Articles
 

Add comment


Security code
Refresh

I love deadlines. I like the whooshing sound they make as they fly by. - Douglas Adams


© 2009 - 2012, Division by Zero

Template based on the empire template by joomlashack 

Valid XHTML 1.0 Strict  Valid CSS!  Creative Commons License
This work by Division by Zero is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Netherlands License.