Re: Crack MSN hashes?


Seeing to "==" in the last 2 chars in the SessionPassword it seems
that the data is encoded in BASE64. So just decode it in BASE64 and u
get the actual data in binary format. That data can be anything, and
would need further inspection.


On Mon, Apr 28, 2008 at 5:57 AM, Matheus Michels
<matheustmichels@xxxxxxxxx> wrote:
Good morning all,

After sniffing for a couple of hours an ISP network, I got a bunch of
MSN Messenger traffic, like the packet below (I masked some chars to
protect the guy):

UBN xxxx@xxxxxxxxxxx 10 495
ACK MSNMSGR:xxxxxx@xxxxxxxxxxx MSNSLP/1.0
To: <msnmsgr:xxxxxx@xxxxxxxxxxx>
From: <msnmsgr:xxxx@xxxxxxxxxxx>
Via: MSNSLP/1.0/TLP ;branch={E6321020-D46B-4DBC-A799-BD8F1C686B6D}
CSeq: 0
Call-ID: {00000000-0000-0000-0000-000000000000}
Max-Forwards: 0
Content-Type: application/x-msnmsgr-turnsetup
Content-Length: 144

SessionUsername: IZm4/GI6rJdhxxxxxxxxxxXaDENO5bRyJWUjvs8ChwX+BOmy
SessionPassword: 7Y0pJxxxxxxxc8b8HQ/4bw==

I was wondering how could I crack these hashes. They don't seem to be
neither MD5 nor SHA. The SessionUsername has always 48 digits, and the
SessionPassword has always 24. Does anyone know what type of cipher
does MSN use? And is there some tool to attempt dictionary attacks
against them?

Please note that I am NOT talking about the stuff stored by MSN in the
registry when you check the option "remember my password". I mean the
hashes transmitted by MSN over the network.


("Computers are useless. They can only give you answers." - Pablo Picasso)

Shreyas Zare
Co-Founder, Technitium
eMail: shreyas@xxxxxxxxxxxxxx

..::< The Technitium Team >::..
Visit us at
Contact us at theteam@xxxxxxxxxxxxxx

Technitium Personal Computers
We believe in quality.
Visit for details.

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

Relevant Pages

  • Re: Decoding Base64
    ... i am trying to decode a block of base64 into text, ... Richard Heathfield ... I've no idea what Richard has said else where, but his attitude to your posting here is hardly surprising. ... What do you think your local computer store would tell you if you took a printout of that code in and asked how to decode it? ...
  • Re: Base64 partial decoding
    ... I have data encoded with base64. ... I read bytes from stream. ... decode this part of data and write to another stream. ... Now assuming if its practical and you know the exact structure of the stream you could use functions like chunk_split,unpack or even preg functions to get the correct data. ...
  • Re: Sendmail Encoding User/Passwrod to Base64 Twice
    ... the results also appeared to be base64 encoded so ... On the second decode my plain user name ... Apparently sendmail is encoding my user name and password to base64 ... It may have been a wrongly configured authinfo file, ...
  • Re: Base64
    ... | pass a base64 encoded string into and get back a decoded String. ... ** encodeencodes an arbitrary data block into MIME Base64 format string ... int encode(unsigned s_len, char *src, unsigned d_len, char *dst) ... ** DECODE BASE64 into RAW ...
  • Re: Integer data type -> binary coded decimal
    ... While it doesn't answer your specific question, here is a routine to ... decode base64 data. ... It will decode the data into separate 3-byte pieces ... the end of the base64 string. ...