[prev in list] [next in list] [prev in thread] [next in thread]
List: pen-test
Subject: Re: Crack MSN hashes?
From: Kish Pent <kish_pent () yahoo ! com>
Date: 2008-04-29 4:33:39
Message-ID: 912643.53422.qm () web37605 ! mail ! mud ! yahoo ! com
[Download RAW message or body]
Hi Matheus,
The MSN Messenger uses the MSNP Protocol. The current version uses 13 or 14/15 too \
maybe ... Not sure which one's used here correctly. This is a copy of the IETF draft \
of MSN Messenger service 1.0 protocol, \
http://www.hypothetic.org/docs/msn/ietf_draft.php
I think it's version 14 or 15 of the MSNP in the current OneLive / Windows Live \
Messenger. You can get unofficial documentation and additional protocol information \
from the MSNPiki : http://msnpiki.msnfanatic.com/index.php/Main_Page
The MSNPiki has documented the protocols from v8 to v15. I assume that you have used \
Wireshark (formerly Ethereal) to sniff the hashes, because the syntax is decodable \
only using this tool.
Refer http://msnpiki.msnfanatic.com/index.php/MSN_Protocol_Version_15
You can also check out the Tweener SSO feature at the MSNPiki.
If you understand the protocol carefully, and see the authentication, you can extend \
hydra with your own MSNP(version X) module :)
HTH, Cheers !
Kish
--
Kishore Parthasarathy,
Penetration Tester, Smart Security,
17/1,Upstairs, Sarojini St,T.Nagar,
Chennai - 600 017
Phone: 91 98841 80767
--
Trust everyone just don't trust the devil inside 'em
--- Italian Job, 2003
----- Original Message ----
From: Matheus Michels <matheustmichels@gmail.com>
To: pen-test@securityfocus.com
Sent: Monday, April 28, 2008 5:57:55 AM
Subject: Crack MSN hashes?
Good morning all,
After sniffing for a couple of hours an ISP network, I got a bunch of
MSN Messenger traffic, like the packet below (I masked some chars to
protect the guy):
---------------------------------------------------------------------------
UBN xxxx@hotmail.com 10 495
ACK MSNMSGR:xxxxxx@hotmail.com MSNSLP/1.0
To: <msnmsgr:xxxxxx@hotmail.com>
From: <msnmsgr:xxxx@hotmail.com>
Via: MSNSLP/1.0/TLP ;branch={E6321020-D46B-4DBC-A799-BD8F1C686B6D}
CSeq: 0
Call-ID: {00000000-0000-0000-0000-000000000000}
Max-Forwards: 0
Content-Type: application/x-msnmsgr-turnsetup
Content-Length: 144
ServerAddress: 207.46.112.175
SessionUsername: IZm4/GI6rJdhxxxxxxxxxxXaDENO5bRyJWUjvs8ChwX+BOmy
SessionPassword: 7Y0pJxxxxxxxc8b8HQ/4bw==
---------------------------------------------------------------------------
I was wondering how could I crack these hashes. They don't seem to be
neither MD5 nor SHA. The SessionUsername has always 48 digits, and the
SessionPassword has always 24. Does anyone know what type of cipher
does MSN use? And is there some tool to attempt dictionary attacks
against them?
Please note that I am NOT talking about the stuff stored by MSN in the
registry when you check the option "remember my password". I mean the
hashes transmitted by MSN over the network.
Thanks
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. \
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic