I've been spending as much time as possible working on small little programming exercises, mostly in C++ and PowerShell. I'm pretty novice; I may never get past the horrible whack-and-hack code I often piece together.
When I first started my IA program, I had to take a crash course in C programming for non-CS grads. I had the hardest time with the simplest of operations, looking for new functions to help. For instance, it took me weeks to see the relationship between UPPER and lower case in the ASCII chart (+/- 32). This stuck with me to this day, but a deep understanding of the lesson was still lacking.
Take the Cisco 7 Password crack examples; it's all over the Internet and is well known. So, naturally, I figured I should be able to write my own code to do the same as everyone else. No problem; I actually did this. However, the OFFSET and the HEX values for the encrypted password had to be hard-coded in. I wanted to accept user input. This is where I got seriously stuck. One of the ways I learn how something works is to observe it. This means a lot of printing out variable and values when I'm working in some section of code I can't map out for some reason. I'd been stuck trying to figure out how to extract the offset value of an encrypted password. I was trying to concat elements of a char array as a single int value and a bunch of other crazy stuff. I just couldn't figure it out
Then I came across this example that was so simple; subtract 48 from each character, using 10s and 1s place values and add together to get the offset. I'm pretty bad at explaining, let me show you.
Encrypted password = 13061E010803
The offset is contained in the first byte; 13. However when read into an array, you get:
char array[0] = 1
char array[1] = 3
However, as input a char, their stored values are 49 and 51. I need to work with these as a decimals. So, how do you convert? Subtract 48 from each value. You end up with 1 and 3. **lesson** Now I have the decimals the way I need them.... almost. 1 is in the 10's location, so if I multiply it by 10, I end up with 10. 3 is in the one's location, so if I multiply it by 1 I get 3 (don't need to multiply). Add them together and you get 13!
So, had I looked or remembered the ACSII chart lesson from years ago, I might have gotten to this point on my own (or at least damn near close).
Live and Learn
No comments:
Post a Comment