Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Crack MSN hashes?

From: "Matheus Michels" <matheustmichels () gmail com>
Date: Sun, 27 Apr 2008 17:27:55 -0700
Good morning all,

After sniffing for a couple of hours an ISP network, I got a bunch of
MSN Messenger traffic, like the packet below (I masked some chars to
protect the guy):

---------------------------------------------------------------------------
UBN xxxx () hotmail com 10 495
ACK MSNMSGR:xxxxxx () hotmail com MSNSLP/1.0
To: <msnmsgr:xxxxxx () hotmail com>
From: <msnmsgr:xxxx () hotmail com>
Via: MSNSLP/1.0/TLP ;branch={E6321020-D46B-4DBC-A799-BD8F1C686B6D}
CSeq: 0
Call-ID: {00000000-0000-0000-0000-000000000000}
Max-Forwards: 0
Content-Type: application/x-msnmsgr-turnsetup
Content-Length: 144

ServerAddress: 207.46.112.175
SessionUsername: IZm4/GI6rJdhxxxxxxxxxxXaDENO5bRyJWUjvs8ChwX+BOmy
SessionPassword: 7Y0pJxxxxxxxc8b8HQ/4bw==
---------------------------------------------------------------------------

I was wondering how could I crack these hashes. They don't seem to be
neither MD5 nor SHA. The SessionUsername has always 48 digits, and the
SessionPassword has always 24. Does anyone know what type of cipher
does MSN use? And is there some tool to attempt dictionary attacks
against them?

Please note that I am NOT talking about the stuff stored by MSN in the
registry when you check the option "remember my password". I mean the
hashes transmitted by MSN over the network.

Thanks

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: