Penetration Testing mailing list archives

Does anybody know about encrypting algorithm of Everest Icode?


From: christopher.riley () r-it at
Date: Wed, 21 Jan 2009 11:26:36 +0100

From first glance it looks like a simple MD5 hash (32 hexadecimal 
characters). Although I'm not sure why they'd want to only store the hash 
of a reference number.

Try looking at the code to see how a new order is placed and what process 
it uses there. You might be able to reverse the process (using brute-force 
or rainbow tables if required).

Chris John Riley

listbounce () securityfocus com@inet wrote on 21.01.2009 03:12:50:

I'm pentesting some servers for my clients. There is an encrypted field in an 
MSSQL database.
REF_NO -> 1E682975FA1988662A742C830720946F

In the ASP script the line is
vData = objShoppingCartUpd.CreateOrderFromCart(sConnectionString,sCartId,vChoice,sCCresult,rsOrder,iResult)
where rsOrder("REF_NO") is a normal string.
Does anybody know about the encryption algorithm of the Everest Icode system? Or 
where can I get it?

----------------------------------------
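Added example (not part of the original thread, and not Everest's code): 32 hexadecimal characters only show that the field holds 128 bits, so one way to test the MD5 guess is to take a reference number you already know (for instance from a test order) and see which hash, case form and string encoding reproduce the stored value. The known reference number and its stored value below are constructed, and the candidate case forms and encodings are assumptions.

```python
import hashlib
import re

HEX_RE = re.compile(r"[0-9A-Fa-f]+")

# Hash algorithms to try for a given output width. Width alone cannot tell MD5
# apart from any other 128-bit value (another hash, a cipher block, a GUID).
BY_BITS = {128: ["md5"], 160: ["sha1"], 256: ["sha256"]}

# Assumed candidates: VBScript strings and SQL Server NVARCHAR are UTF-16LE,
# while VARCHAR columns are single-byte.
ENCODINGS = ["ascii", "utf-8", "utf-16-le"]
FORMS = {"as-is": str, "upper": str.upper, "lower": str.lower}


def digest_bits(value):
    """Return the width in bits if value is pure hex, else None."""
    v = value.strip()
    if not HEX_RE.fullmatch(v) or len(v) % 2:
        return None
    return len(v) * 4


def match_known_plaintext(known_ref, stored):
    """List (algorithm, form, encoding) combinations that turn known_ref into stored."""
    target = stored.strip().lower()
    hits = []
    for algo in BY_BITS.get(digest_bits(stored), []):
        for form_name, form in FORMS.items():
            for enc in ENCODINGS:
                try:
                    data = form(known_ref).encode(enc)
                except UnicodeEncodeError:
                    continue  # this encoding cannot represent the string
                if hashlib.new(algo, data).hexdigest() == target:
                    hits.append((algo, form_name, enc))
    return hits


PAGE_VALUE = "1E682975FA1988662A742C830720946F"  # REF_NO quoted in the thread
KNOWN_REF = "Ord-2009-0001"                      # constructed sample reference
# Constructed stored value: MD5 over the upper-cased UTF-16LE string.
STORED = hashlib.md5(KNOWN_REF.upper().encode("utf-16-le")).hexdigest().upper()

if __name__ == "__main__":
    print("page value width:", digest_bits(PAGE_VALUE), "bits")
    print("constructed sample:", match_known_plaintext(KNOWN_REF, STORED))
```

An empty result means none of the tried combinations applies (a salt, a keyed transform or a different input field would all produce that), not that the value is unrelated to the reference number.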