General discussion

Locked

Hex to ASCII question

By togetananswer ·
I am tryng to decode this password that our company uses to log into our client service. Some idiot forgot the password and now we can't use the system. the system will give me this "7E405B5D587E" Number. I think it is Hex but I can't decode it. HELP ME!!! Time is money!

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Hex to ASCII question

by togetananswer In reply to Hex to ASCII question

Point value changed by question poster.

Collapse -

Hex to ASCII question

by PhiltheGreat In reply to Hex to ASCII question

Assuming you are right:
then 7E405B5D587E is
7E 40 5B 5D 58 7E
~ @ [ ] X ~

It has no meaning and it is not accepted as a password too.
I am willing to help; but please give more details. Where do you get this number? What system are you using? Because different system and software read the HEX into different meanings; so assuming it is an ASCII does not work.

One simple way to solve this, is to use a software to hack into the system. Yes, I mean it!
Hacking your only system islegal.

Any support from your Vendor? They knows how to hack their own system.

Collapse -

Hex to ASCII question

by togetananswer In reply to Hex to ASCII question

Okay. I am running Windows 98 SE and I have what seems to be a valid WIN32 Application. A company called Citigroup wrote the program as far as I can tell. When I type in a guess for the password, it obviously says wrong password and a box comes up with the encrypted password in it. It says call this hotline with the encrypted password but that line was disconnencted long ago. Ugg...

Collapse -

Hex to ASCII question

by eBob In reply to Hex to ASCII question

FWIW it is unlikely that the password is stored as a simple HEX equivalent. And as noted in the previous answer, this decodes to something quite unlikely to be a password.

It would be helpful to know what kind of system you are using (Unix, CiscoIOS, Windoze, or is this application specific).

Most Unix systems have a "known workaround" which requires you to boot from tape (or a CD-ROM), at which point you can reset a password. Same with Cisco IOS.

Also FWIW, most systems do not store the password. They take the user input, run it through an algorithm of some sort ("hashing") and produce some sort of input. When the user next enters the password, the entry is run through the hash again, and the results compared. This is to make reverse-engineering "difficult". This is likley the situation that you have here.

Assuming that you are the admin (or real owner) of the system, then you could look around for password-cracking tools that MIGHT be able to work this through.

Collapse -

Hex to ASCII question

by RRV In reply to Hex to ASCII question

Cool buddy. If your application is stupid to tell it is wrong password and also tells the password in some encrypted form i think you can handle. Enumerate the password textboxes and get the password. get sample VB code called sniff password from "http://www.mvps.org/vb/index2.html?samples.htm". Thanks to Mr. Karl E. Peterson - Creator of the program.

Collapse -

Hex to ASCII question

by togetananswer In reply to Hex to ASCII question

Hold on there Answer#3. I don't mean asterick encrypted. I mean like "encrypted" encrypted. I downloaded that VB program and ran it, but I don't have the password in astericks. "7E405B5D587E" is all it gives me. Ugg...

Collapse -

by Albert Franco II In reply to Hex to ASCII question

Citigroup is a VERY well known banking company. There is little doubt that what you have is a password hash. Without knowing what encryption scheme was used to generate it you have very little chance of breaking it.

Your best bet is to comunicate with the provider and arrange for a new password.

If (for whatever reason) that is not an option, then you will need to do some research. What is the name of the software? You say it is a client software, but client to what server? Does it pull in news, ticker tape results, bank account information, etc.?

Can you determine if the hash is produced by MD5, BlowFish, or some other known algorithm? If you know the algoritm and suspect that you know part of the password, some algoritms can be cracked. However it is a tedious process that requires an aweful lot of computing power.

Probably you best bet is to determine who the "idiot" is and find out what other passwords they use. Chances are that it is something similar. Usually the weakest link in any password scheme is the "idiot" that thinks up unsecure passwords like "12345", "myaddress", and "password".

If the system doesn't block you after each "x" tries then you could try a dictionary atack since many users use very common words as passwords.

Good luck. You are in effect doing what Citigroup doesn't want anyone to be able to do. That code is most definetly NOT Hex!

Back to Windows Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums