Steganography: The Art of Concealing

In this post, we introduce several ways of hiding text, based on audio, image, video and white text. To achieve this we use a method known as “steganography”. The term steganography refers to the technique of hiding secret data within an ordinary, non-secret file or message in order to avoid detection. We will go through each of these methods in turn.

Table of Content

Introduction

Purpose of steganography

Methods of steganography

  • Audio-based steganography
  • Image-based steganography
  • Video-based steganography
  • White text Steganography

Introduction

Steganography is the practice of hiding a file, message, image or video inside another file, message, video or audio track. In general, the hidden message appears to be something else, such as a picture, an article or sometimes a shopping list. While encryption protects only the content of a message, steganography is concerned with concealing both the existence and the content of a secret message. Steganography also covers data concealed in computer files. Let’s understand this better through examples, starting with the purpose of steganography.

Purpose of Steganography

Steganography is a means of effective communication. You can first encrypt a private file and then hide it inside a picture or another file type before sending it to somebody else. The likelihood of it being intercepted is reduced. If you send an openly encrypted file to someone, another person may try to decrypt it in many ways and may possibly succeed. In this case, however, the carrier looks like a normal image, and that person has no hint of what lies behind the picture. So, it is always a better and safer way of communicating for organisations that want to protect themselves from these kinds of attacks.

So, let’s start and see how it works.

Audio Steganography

First, we will install a tool named DeepSound, which is meant to convert our audio files to files of some other format. For installation, please visit the link given below.

https://deepsound.en.uptodown.com/windows

Conceal Approach: Now open the application, click on “open carrier files” and select the mp3 file behind which you want to conceal the original file.

Here we have selected the audio file behind which we will hide the data.

After selecting the file, we click on “add secret file” and choose the file which we want to conceal. Here we have opted for a document file.

Here you can add one more security layer, which is encoding, by setting a password on the file. As you can see, we have given 123 as the password, without which the other person will not be able to open the file.

The file is created successfully.

Now we can share this mp3 file with the other person to continue the hidden communication over the network.

Reveal Approach: The other person needs to open the file with the same password that we gave for encoding. On entering the password, he will be able to see the concealed content of the file by clicking on “extract files”.

The doc file is extracted successfully. So, with this tool, we have successfully concealed our doc file behind the mp3 file.

Image Steganography

Let’s now hide a text file behind an image file. For this we have installed the next tool, which is OpenStego.

Conceal Approach: We first select the doc file which we want to hide, then add the image file behind which we will conceal the doc file, then choose a password, and the concealed file is created.

Reveal Approach: We now extract the doc file by adding the image and giving the right password, and the doc file is extracted.

Video Steganography

Now let’s see how we can hide anything behind a video file. For this, we will install the tool Our Secret from the link given here.

https://oursecret.soft112.com/

Once it has downloaded successfully, we will try to conceal a doc file behind a video file.

Let’s start.

Hide: First we select the video which we want to send. By clicking on “select a carrier file” we choose our video, then the file which we want to hide, then give it a password and click on “hide”, and our new file is created.

Unhide: Now we open this file with the same tool to unhide it, and it asks for the password. Once you enter the password, you get the concealed file.

Text Steganography

Now we move to a different idea of steganography, which is white space steganography. In this kind of steganography, we hide text behind other text in a way that is not possible for anyone to spot. For this, we will visit the website

www.spammimic.com

Conceal Approach: Here we click on encode, add the text which we want to hide and click on encode.

Once you click on encode, you will see that a new encoded text is created.

Reveal Approach: To decode this encoded text, we will copy this text and paste it in the box given and click on decode.

And finally, you will get the message which was hidden behind that.

Another Method

Conceal Approach: That’s not all! We can also send this message as an Excel file, which is hard for anyone to detect. To use this feature, we click on “encode as a spreadsheet”, enter the text which we want to conceal and click on encode.

This generates a new Excel file that conceals our “secret message” behind its records.

When we open this Excel file it looks like a very normal Excel file, so no one will get to know the real message behind it.

Reveal: Since we know that there is a hidden message behind this file, we will decode it. First click on “decode fake spreadsheet”.

Now paste the sheet which we want to decode in the column and click on decode.

Now you will get the real hidden message which was behind this Excel file.

So, it’s very clear that there are several ways of sending safe secret messages by the art of steganography.

Author: Geet Madan is a Certified Ethical Hacker, Researcher and Technical Writer at Hacking Articles on Information Security.

Beginner Guide to Classic Cryptography

Cryptography: It is a technique of scrambling a message using mathematical logic to keep the information secure. It protects the scrambled message from being hacked when it is transported over an unsecured network, since it converts the readable message into unreadable text.

Plaintext: It is the data in readable form that needs to be shared over the insecure network.

Encrypting key: It is a random string of bits created specifically to scramble the plaintext into unreadable text using mathematical logic. There are two types of encryption key: symmetric and asymmetric.

Ciphertext: The output of encryption is ciphertext, which is not readable by human beings.

Decrypting key: It is the key used to decipher the ciphertext back into plaintext, using the symmetric or asymmetric key, so that the original message can be read.

Functionality of cryptosystem

  • Authentication: It is the process of verification of the identity of the valid person through his username and password that communicates over a network.
  • Authorization: It refers to the process of granting or denying access to a network resource or service. Most of the computer security systems that we have today are based on a two-step mechanism. The first step is authentication, and the second step is authorization or access control, which allows the user to access various resources based on the user’s identity.
  • Confidentiality or privacy: It means the assurance that only authorized users can read or use confidential information. When cryptographic keys are used on plaintext to create ciphertext, privacy is assigned to the information.
  • Integrity: Integrity is the security aspect that confirms that the original contents of information have not been altered or corrupted. There should not be any kind of modification of the information while it is transported over the network.
  • Non-repudiation: Non-repudiation makes sure that each party is liable for its sent message. Someone can communicate and then later either falsely deny the communication entirely or claim that it occurred at a different time, or even deny receiving any piece of information.

Classical Cryptographic Algorithms Types

Caesar Cipher

Caesar cipher is a type of substitution cipher in which each letter of the alphabet is replaced by a letter a certain distance away from that letter.

Algorithm

Step 0: Mathematically, map the letters to numbers (i.e., A = 1, B = 2, and so on).

Step 1: Select an integer key K between 1 and 25 (there are 26 letters in total in the English alphabet). Let’s say we shift right by 3 letters, so that A + 3 = D, B + 3 = E and so on.

Step 2: The encryption formula is “Add k mod 26”; that is, the original letter L becomes (L + k)%26.

For example, the encryption of “IGNITE” goes as follows:

C = E (L+K) %26

Here L= I and K = 3

C = E (I+3) % 26

C = E (9+3) % 26

C = E (12) % 26

C = E (L)

Hence encryption of IGNITE: LJQLWH


Step 3: The deciphering is “Subtract k mod 26”; that is, the encrypted letter L becomes (L – k) %26.

For example, the decryption of “LJQLWH” goes as follows:

C = D (L-K) %26

C = D (L-3) % 26

C = D (12-3) % 26

C = D (9) % 26

C = D (I)

Hence decryption of LJQLWH: IGNITE

 Limitation: Caesar cipher is vulnerable to brute-force attack because it depends on a single key with 25 possible values if the plaintext is written in English. Consequently, by trying each option and checking which one results in a meaningful word, it is possible to find out the key. Once the key is found, the full ciphertext can be deciphered accurately.
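
The brute-force attack described in the limitation above, as an added example (not code from the original article): it reproduces the IGNITE / LJQLWH example and then tries all 25 keys. The KNOWN_WORDS list is a constructed stand-in for "checking which one results in a meaningful word", and letters are numbered from A=0 rather than A=1, which gives the same ciphertext.

```python
import string

ALPHABET = string.ascii_uppercase

# Constructed word list standing in for "a meaningful word"; not from the page.
KNOWN_WORDS = {"IGNITE", "MEET", "AT", "THE", "AND", "TO", "OF"}


def caesar(text, k):
    """Shift every letter k places, wrapping with mod 26.

    Letters are numbered A=0..Z=25 here. The page numbers them from A=1,
    which yields the same ciphertext. Non-letters pass through unchanged.
    """
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext, k):
    """Step 2 on the page: add k mod 26."""
    return caesar(plaintext, k)


def decrypt(ciphertext, k):
    """Step 3 on the page: subtract k mod 26."""
    return caesar(ciphertext, -k)


def brute_force(ciphertext, words=KNOWN_WORDS):
    """Decrypt with all 25 keys and rank the results.

    Returns (recognised_word_count, key, candidate_plaintext) tuples,
    best candidate first.
    """
    candidates = []
    for k in range(1, 26):
        plain = decrypt(ciphertext, k)
        hits = sum(1 for word in plain.split() if word in words)
        candidates.append((hits, k, plain))
    candidates.sort(key=lambda c: (-c[0], c[1]))
    return candidates


if __name__ == "__main__":
    # Show the three best-ranked candidates for the page's ciphertext.
    for hits, k, plain in brute_force("LJQLWH")[:3]:
        print(k, hits, plain)
```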

Monoalphabetic Cipher

It is also a type of substitution cipher, in which each letter of the alphabet is replaced using some permutation of the letters of the alphabet. The number of permutations of 26 letters is 26! (factorial of 26), which is equal to 4×10^26. This technique uses a random key for every single letter, which makes the monoalphabetic cipher secure against brute-force attack.

The sender and the receiver decide on a randomly selected permutation of the letters of the alphabet. For example, in the word “HACKING”, replace G with “J” and N with “W”; hence the permutation key is 2!, i.e. factorial of 2, and HACKING will become “HACKJIW”.

Algorithm

Step 0: Generate plaintext–cipher text pair by mapping each plain text letter to a different random cipher text letter IJKLQR——–GFE.


Step 1: To encipher, for each letter in the original text, replace the plain text letter with a ciphertext letter.

Hence encryption of “IGNITE” will be as shown below

Step 2: For deciphering, reverse the procedure in step 1.

Hence decryption of “USBUOQ” will be “IGNITE”

Limitations

Despite its advantages, the random key for each letter in monoalphabetic substitution has some downsides too. It is very difficult to remember the order of the letters in the key, and therefore, it takes a lot of time and effort to encipher or decipher the text manually. Monoalphabetic substitution is vulnerable to frequency analysis.

Playfair Cipher

It encrypts digraphs, or pairs of letters, rather than single letters as the plain substitution cipher does.

In this cipher, a 5×5 grid of the alphabet is created which contains 25 letters instead of 26. One letter, “J” (or any other), is omitted. One first fills in the spaces in the table with the letters of the keyword (dropping any duplicate letters), then fills the remaining spaces with the rest of the letters of the alphabet in order. If the plaintext contains J, it is replaced by I.

Algorithm

Step 0: Split the plaintext into pairs; if the number of letters is odd, add “X” after the last letter of the plaintext.

For example, “TABLE” is our plaintext; split it into pairs as TA BL EX.

Step 1: Set up the 5 × 5 matrix by filling the first positions with the key. Fill the rest of the matrix with the other letters. Let’s assume “ARTI” is our key for encryption.

Step 2: Encryption involves three rules:

If both letters fall in the same row, substitute each with the letter to its right in a circular pattern. TA -> IR

If both letters fall in different rows and columns, form a rectangle with the two letters and take the letters on the horizontally opposite corners of the rectangle. BL -> TN

If both letters fall in the same column, substitute each letter with the letter below it in a circular pattern. EX -> LT

Step 3: For decryption, the receiver uses the same key to decipher the text by reversing the three rules used in step 2. Hence the encryption of the word “TABLE” is “IR TN LT”.

Limitations:

Playfair is considerably more complicated to break, but it is still vulnerable to frequency analysis; in the case of Playfair, frequency analysis is applied to the 25*25 = 625 possible digraphs rather than the 25 possible monographs (monoalphabetic).
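
The key square and the three rules above, as an added example (not code from the original article), checked against the page's key “ARTI” and plaintext “TABLE”. A pair of two identical letters is rejected because the page gives no rule for it; that choice is an assumption of this example.

```python
ALPHABET25 = "ABCDEFGHIKLMNOPQRSTUVWXYZ"  # 25 letters: J is omitted, as on the page


def normalise(text):
    """Upper-case, replace J by I, drop anything that is not a letter."""
    return [c for c in text.upper().replace("J", "I") if c in ALPHABET25]


def build_square(key):
    """Keyword letters first (duplicates dropped), then the rest in order."""
    letters = []
    for ch in normalise(key) + list(ALPHABET25):
        if ch not in letters:
            letters.append(ch)
    return [letters[i:i + 5] for i in range(0, 25, 5)]


def to_digraphs(text):
    """Step 0: split into pairs, padding an odd-length message with X."""
    letters = normalise(text)
    if len(letters) % 2:
        letters.append("X")
    pairs = [(letters[i], letters[i + 1]) for i in range(0, len(letters), 2)]
    for a, b in pairs:
        if a == b:
            # The page gives no rule for a pair of identical letters.
            raise ValueError("pair %s%s is not covered by the three rules" % (a, b))
    return pairs


def transform(text, key, step):
    """step=+1 encrypts; step=-1 reverses the same three rules."""
    square = build_square(key)
    pos = {square[r][c]: (r, c) for r in range(5) for c in range(5)}
    out = []
    for a, b in to_digraphs(text):
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:      # same row: neighbour to the right (or left), wrapping
            out.append(square[ra][(ca + step) % 5] + square[rb][(cb + step) % 5])
        elif ca == cb:    # same column: neighbour below (or above), wrapping
            out.append(square[(ra + step) % 5][ca] + square[(rb + step) % 5][cb])
        else:             # rectangle: keep the row, take the other letter's column
            out.append(square[ra][cb] + square[rb][ca])
    return out


def encrypt(plaintext, key):
    return transform(plaintext, key, +1)


def decrypt(ciphertext, key):
    return transform(ciphertext, key, -1)


if __name__ == "__main__":
    for row in build_square("ARTI"):
        print(" ".join(row))
    print(encrypt("TABLE", "ARTI"))
```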

Polyalphabetic Cipher

A polyalphabetic substitution cipher is a series of simple substitution ciphers. It is used to change each character of the plaintext with a variable length. The Vigenere cipher is a special example of the polyalphabetic cipher.

Algorithm

Step 0: Decide on an encrypting key to change plaintext into ciphertext; for example, take “HACKING” as the encryption key, whose numerical representation is “7, 0, 2, 10, 8, 13, 6”.

Step 1: To encrypt, the number for the first letter of the key encrypts the first letter of the plaintext, the number for the second letter of the key encrypts the second letter of the plaintext, and so on.

For example, the plaintext is “VISIT TO HACKING ARTICLES” and the key is “HACKING: 7 0 2 10 8 13 6”

Step 2: The encryption formula is “Add k mod 26”; that is, the original letter L becomes (L + k)%26

C = E (L+K) %26

Here L=V and K =7

C = E (V+7) %26

C = E (21+7) %26

C = E (28) %26

C = E (2)

C = E (C)

Hence encryption of “VISIT TO HACKING ARTICLES” is “CIUSBGUOAEUQAMHRVSKYKZ”


Step 3: The deciphering is “Subtract k mod 26”; that is, the encrypted letter L becomes (L – k) %26.

For example, the decryption of “CIUSBGUOAEUQAMHRVSKYKZ” goes as follows:

C = D (L-K) %26

Here L=C and K =7

C = E (C-7) %26

C = E (21)

C = E (V)

Hence decryption of “CIUSBGUOAEUQAMHRVSKYKZ” is “VISIT TO HACKING ARTICLES”

Limitation

The main limitation of the Vigenère cipher is the repeating nature of its key. If a cryptanalyst correctly estimates the length of the key, then the ciphertext can be treated as linked Caesar ciphers, each of which can easily be broken separately.
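
The worked example and the limitation above, as an added example (not code from the original article): it reproduces the “HACKING” encryption and then splits the text by key length to show that every column was shifted by one fixed amount, which is exactly a Caesar cipher. The function names are this example's own.

```python
def clean(text):
    """Keep only the letters A-Z, upper-cased (the page drops the spaces)."""
    return "".join(c for c in text.upper() if "A" <= c <= "Z")


def key_shifts(key):
    """HACKING -> [7, 0, 2, 10, 8, 13, 6] with A=0 ... Z=25, as on the page."""
    return [ord(c) - ord("A") for c in clean(key)]


def vigenere(text, key, direction=1):
    """direction=1 encrypts (add k mod 26); direction=-1 decrypts (subtract k)."""
    shifts = key_shifts(key)
    out = []
    for i, ch in enumerate(clean(text)):
        k = direction * shifts[i % len(shifts)]
        out.append(chr((ord(ch) - ord("A") + k) % 26 + ord("A")))
    return "".join(out)


def columns(text, key_len):
    """Letter i belongs to column i % key_len, i.e. to one letter of the key."""
    return [text[i::key_len] for i in range(key_len)]


def shifts_per_column(plaintext, ciphertext, key_len):
    """For each column, the set of shifts actually applied to its letters.

    A single value per column means that column is a plain Caesar cipher.
    """
    result = []
    plain_cols = columns(clean(plaintext), key_len)
    cipher_cols = columns(clean(ciphertext), key_len)
    for p_col, c_col in zip(plain_cols, cipher_cols):
        result.append({(ord(c) - ord(p)) % 26 for p, c in zip(p_col, c_col)})
    return result


if __name__ == "__main__":
    pt = "VISIT TO HACKING ARTICLES"
    ct = vigenere(pt, "HACKING")
    print(ct)
    print(columns(ct, 7))
    print(shifts_per_column(pt, ct, 7))
```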

Rotation Cipher

The rotation cipher generates ciphertext based on the block size and the angle by which the plaintext is rotated, in one of the following angles: 90°, 180°, 270°.

Algorithm

Step 0: Decide the size of the block for the plaintext “CRYPTOGRAPHY”; let’s assume 6 as the block size.

CRYPTO
GRAPHY

Step 1: For encryption, arrange the plaintext by rotating it through one of the angles 90°, 180° or 270°, as shown below:

In the 90° rotation, place the starting letters downwards vertically, from G to C, and so on.

CRYPTO
GRAPHY

In the 180° rotation, place the letters horizontally from right to left, from O to C, and so on.

CRYPTO OTPYRC
GRAPHY YHPARG

In the 270° rotation, place the last letters vertically from top to bottom, from O to Y, and so on.

CRYPTO
GRAPHY

Hence the ciphertext is arranged in the following ways:

Step 2: Arrange the letters according to the angle each represents:

90° rotated cipher “GCRRAYPPHTYO”

180° rotated cipher “YHPARGOTPYRC”

270° rotated cipher “OYTHPPYARRCG”

Step 3: For decryption, any of the three ciphertexts above can be decrypted using the block size and the angle of rotation.

Transposition Cipher

In a transposition cipher, the plaintext is rearranged without replacing the original letters with others, in contrast to the cipher techniques above.

Algorithm

Step 0: Decide on the keyword, which determines the number of columns of a table that stores the plaintext and helps in generating the ciphertext. Let’s suppose we choose CIPHER as the key.

Step 1: Store the plaintext “classical cryptography” in a table, filling the cells from left to right.

Step 2: For encryption, arrange all letters column by column, taking the columns in ascending order of the keyword letters; “CIPHER” becomes CEHIPR, as:

Column 1: CCCPP

Column 2: ESRR

Column 3: HSCG

Column 4: PALOY

Column 5: RIYA

Hence the cipher obtained will be “CCCPPESRRHSCGPALOYRIYA”.

Step 3: For decryption, the receiver uses the key to rearrange the 26 cipher letters according to their columns in a 6*5 matrix.

Limitation

It is very easy to rearrange the cipher letters if the correct key is guessed.

Rail fence Cipher

The “rail fence cipher”, also called a zigzag cipher, is a form of transposition cipher in which the plaintext is written downwards and diagonally on successive “rails” of an imaginary fence, then moving up when we reach the bottom rail.

Algorithm

Step 0: Choose the number of rails, which acts as the key for plotting the plaintext. Here 3 rails are chosen as the key for encryption.

Step 1: Plot the plaintext “RAJ CHANDEL” on the rails in zigzag form, from top to bottom (downwards and diagonally) and then from bottom to top (upwards and diagonally).

Step 2: For encryption, place all letters horizontally, starting from row 1 through row 3, as:

Row 1: RHE

Row 2: ACADL

Row 3: JN

Hence encryption for “RAJCHANDEL” is “RHEACADLJN”

Step 3: For decryption, generate the matrix by multiplying the total number of ciphertext letters by the number of rails. Here

there are 10 letters in total in the ciphertext “RHEACADLJN” and 3 rails, hence the matrix will be 10*3.

Reverse the rule used in encryption and place the ciphertext as

Row 1: RHE

Row 2: ACADL

Row 3: JN

Limitations
The rail fence cipher is not very strong; the number of practical keys (the number of rails) is small enough that a cryptanalyst can try them all by hand. 
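
The zigzag layout, its reversal and the limitation above, as an added example (not code from the original article): it reproduces the “RAJ CHANDEL” example with 3 rails and then lists the decryption under every possible number of rails, which is the whole key space. The function names are this example's own.

```python
def rail_pattern(n, rails):
    """Rail index of each of n positions: 0,1,..,rails-1,rails-2,..,1,0,1,.."""
    if rails < 2:
        return [0] * n
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(n)]


def encrypt(plaintext, rails):
    """Write the letters along the zigzag, then read rail by rail."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    pattern = rail_pattern(len(letters), rails)
    return "".join(
        ch for r in range(rails) for ch, p in zip(letters, pattern) if p == r
    )


def rows(plaintext, rails):
    """The letters that land on each rail (Row 1, Row 2, ... on the page)."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    pattern = rail_pattern(len(letters), rails)
    return ["".join(ch for ch, p in zip(letters, pattern) if p == r)
            for r in range(rails)]


def decrypt(ciphertext, rails):
    """Rebuild the zigzag: the k-th ciphertext letter belongs to the k-th
    plaintext position when positions are ordered rail by rail."""
    pattern = rail_pattern(len(ciphertext), rails)
    # sorted() is stable, so positions on the same rail keep their order.
    order = sorted(range(len(ciphertext)), key=lambda i: pattern[i])
    plain = [""] * len(ciphertext)
    for ch, pos in zip(ciphertext, order):
        plain[pos] = ch
    return "".join(plain)


def try_all_rails(ciphertext):
    """Every useful key is a rail count from 2 to len-1: small enough to list."""
    return {r: decrypt(ciphertext, r) for r in range(2, len(ciphertext))}


if __name__ == "__main__":
    print(rows("RAJ CHANDEL", 3))
    print(encrypt("RAJ CHANDEL", 3))
    for r, candidate in try_all_rails("RHEACADLJN").items():
        print(r, candidate)
```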


Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, Social Media Lover and Gadgets.

Understanding Encoding (Beginner’s guide)

From Wikipedia

This article describes the different types of process involved in encoding data.

The term encoded data means wrapped data, and the process of encoding is used to transform data into a different format so that it can be easily understood by different types of system. For example, ASCII characters are encoded by means of numbers: ‘A’ is represented by 65, ‘B’ by 66, and so on.

As we know, a computer does not understand human languages, so we need to encode data into binary, which computer systems can read easily; hence encoding is very important. It uses schemes that are widely available, so that it can simply be reversed. Encoding means data transformation, not data encryption; consequently it does not need a key for decoding.

URL Encoded

The internet only accepts URLs in ASCII format, so URL encoding entails encoding certain parts of the URL character set. This process takes one character and converts it into a character triplet that has a prefix of “%” followed by two digits in hexadecimal format.

Character Encoded
: %3A
/ %2F
# %23
? %3F
& %24
@ %40
% %25
+ %2B
<space> %20
; %3B
= %3D
$ %26
, %2C
< %3C
> %3E
^ %5E
` %60
\ %5C
[ %5B
] %5D
{ %7B
} %7D
| %7C
" %22

Example :

Original URL: https://www.hackingarticles.in

Encoded URL: http%3A%2F%2Fwww.hackingarticles.in

 Hexadecimal

Hexadecimal, or Base 16, is a positional number system consisting of 16 distinct symbols: the numerals 0 to 9, and the letters A to F (upper or lower case), which represent the numeric values 10 to 15.

Step 1 – Get the decimal value of the letter; this is different for upper and lower case, eg: A = 65 and a = 97. To find the value of any letter, we count along to it from “A” or “a”; the values increase by one each time, eg: A = 65, B = 66, C = 67 and so on / a = 97, b = 98, c = 99 and so on.

Step 2 – To convert from decimal to hexadecimal, take the decimal value and divide it by 16; the hex value is written beginning from the quotient all the way up to the remainder. So, the hex value of 97 will be 61.

Eg:

16  97  1
    6   6

Source             R   a   j
Decimal Value      82  97  106
Hexadecimal value  52  61  6a

 Base64

Base64 is a radix-64 representation of an ASCII string; each Base64 digit represents exactly 6 bits of data. Here’s how we get it.

Step 1 – Get the decimal value of the letter; this is different for upper and lower case, eg: A = 65 and a = 97. To find the value of any letter, we count along to it from “A” or “a”; the values increase by one each time, eg: A = 65, B = 66, C = 67 and so on / a = 97, b = 98, c = 99 and so on.

Step 2 – Divide the decimal value by 2; wherever there is a remainder it is denoted as “1”, and wherever the remainder is “0” it is denoted as “0”. Continue to divide until you reach 0 or 1 and cannot divide any further. The binary value is the denoted 1’s and 0’s read from last to first.

Eg: In order to get an 8-bit value we prefix a “0” to the value, eg: 01010010, and this gives us the binary value of “a”.

2 97 1
2 48 0
2 24 0
2 12 0
2 6 0
2 3 1
  1 1

Step 3 – Write the values of all the characters in binary and make pairs of 6 (6-bit), eg: binary value of “Raj” in 8-bit = 010100 100110 000101, binary value of “Raj” in 6-bit = 010100 100110 000101 101010.

Step 4 – Write the decimal value of each 6-bit pair made in Step 3, by adding up the place values wherever there is a 1.

32  16  8  4  2  1
0   1   0  1  0  0   20
1   0   0  1  1  0   38
0   0   0  1  0  1   5
1   0   1  0  1  0   42

Step 5 – Use the Base64 table to lookup the values we get in Step 4.

The Base64 index table:

Value Char Value Char Value Char Value Char
0 A 16 Q 32 g 48 w
1 B 17 R 33 h 49 x
2 C 18 S 34 i 50 y
3 D 19 T 35 j 51 z
4 E 20 U 36 k 52 0
5 F 21 V 37 l 53 1
6 G 22 W 38 m 54 2
7 H 23 X 39 n 55 3
8 I 24 Y 40 o 56 4
9 J 25 Z 41 p 57 5
10 K 26 a 42 q 58 6
11 L 27 b 43 r 59 7
12 M 28 c 44 s 60 8
13 N 29 d 45 t 61 9
14 O 30 e 46 u 62 +
15 P 31 f 47 v 63 /

 The Base64 encoded value of Raj is UmFq. Encoded in ASCII, the characters R, a, and j are stored as decimal values 82, 97, and 106, their 8-bit binary values are 01010010, 01100001, and 01101010. These three values are joined together into a 24-bit string, producing 010100100110000101101010. Groups of 6 are converted into individual numbers from left to right. While converting from 8-bit to 6-bit, 0’s are added to fill the last slots, so that a full pair of 6 can be made.

The full conversion of “Raj” to Base64 is shown in Table 1.1 and the individual conversion of “R” and “Ra” of “Raj” are shown in Tables 1.1 and 1.2 to show a breakdown of the process with explanation

Raj                                               82 97 106                             01010010 01100001 01101010


In Table 1.2, for character “R” of “Raj”, the values in the Bit pattern section are in 8-bit format and are converted into 6-bit; the decimal values of the 6-bit pairs are in the Index section.

Table 1.1

The same process is repeated in Table 1.3 for characters “R” and “a” of “Raj”.

For each pair of extra 0’s that are added to complete a pair of 6, an “=” is added for each pair, so the ASCII value of “0 0” is “=”.

In Table 1.4, to build further on the logic used in Tables 1.2 and 1.3, “Raaj” is converted to “UmFhag==” in Base64; with the addition of an extra “a”, the complexity of the conversion increases. In the Index section we can see the addition of 33, 26 and 32 due to the change in the bit pattern.

For each pair of extra 0’s that are added to complete a pair of 6, an “=” is added for each pair, so the ASCII value of “0 0” is “=”, as done in Tables 1.2 and 1.3.
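
Steps 1 to 5 and the padding rule above, as an added example (not code from the original article): it carries out the conversion by hand for “Raj”, “R”, “Ra” and “Raaj”, and also reverses it, which needs no key. The function names are this example's own; the result is cross-checked against Python's standard base64 module.

```python
import base64

# The Base64 index table from the page: value 0 -> "A" ... value 63 -> "/".
B64_TABLE = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def base64_steps(text):
    """Encode an ASCII string by hand and return every intermediate value."""
    decimals = list(text.encode("ascii"))                   # Step 1
    bits = "".join(format(d, "08b") for d in decimals)      # Step 2, 8 bits each
    filler = (-len(bits)) % 6                               # zeros needed to fill
    bits += "0" * filler                                    # the last 6-bit group
    groups = [bits[i:i + 6] for i in range(0, len(bits), 6)]  # Step 3
    indexes = [int(g, 2) for g in groups]                   # Step 4
    encoded = "".join(B64_TABLE[i] for i in indexes)        # Step 5
    encoded += "=" * (filler // 2)                          # one "=" per pair of
    return {                                                # filler zeros
        "decimals": decimals,
        "groups": groups,
        "indexes": indexes,
        "encoded": encoded,
    }


def base64_decode(encoded):
    """Reverse the steps: table lookup, regroup into 8 bits, drop filler bits."""
    symbols = encoded.rstrip("=")
    bits = "".join(format(B64_TABLE.index(c), "06b") for c in symbols)
    bits = bits[:len(bits) - len(bits) % 8]
    values = [int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)]
    return bytes(values).decode("ascii")


def matches_stdlib(text):
    """Cross-check the manual result against the standard library."""
    expected = base64.b64encode(text.encode("ascii")).decode("ascii")
    return base64_steps(text)["encoded"] == expected


if __name__ == "__main__":
    for sample in ("Raj", "R", "Ra", "Raaj"):
        steps = base64_steps(sample)
        print(sample, steps["groups"], steps["indexes"], steps["encoded"])
```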

Rot13

This is a letter substitution cipher; its conversion from plain text to cipher text works by dividing the alphabet in half: A to M and N to Z. The first half mirrors the second half and vice versa. So, A = N and N = A.

Eg: Rot13 of Raj = Enw

A B C D E F G H I J K L M
N O P Q R S T U V W X Y Z

 

Understanding HTTP Authentication Basic and Digest

HTTP authentication uses methodologies through which web servers and browsers securely exchange credentials such as usernames and passwords. HTTP authentication, which we can also call Digest Authentication, follows predefined methods/standards which use encoding techniques and MD5 cryptographic hashing over the HTTP protocol.

In this article, we are covering the methodologies/standards used for HTTP Authentication.

For the sake of understanding, we will be using our PHP scripts, which simply capture the username and password, and we will generate the Authorization value as per the standards.


Basic Access Authentication using Base 64 Encoding

In Basic Authentication, we use Base64 encoding to generate our cryptographic string, which contains the username and password. Please note that we can use any of the encoding techniques, such as URL, hexadecimal, or any other we want.

The example below illustrates the concept; we are using Burp Suite to capture and illustrate the request.

The webpage is asking for input from the client

We are providing “hackingarticles” as User Name and “ignite” as a password.

The syntax of Basic Authentication

Value = username:password

Encoded Value =  base64(Value)

Authorization Value = Basic <Encoded Value> 

In basic authentication username and password are combined into a single string using a colon in between.

Value =  hackingarticles:ignite

This string is then encoded using base 64 encoding.

Encoded Value = base64 encoded value of hackingarticles:ignite which is aGFja2luZ2FydGljbGVzOmlnbml0ZQ==

Finally, the Authorization Value is obtained by putting the text “Basic” followed by <space> before the encoded value. (We can capture the request using Burp Suite to see the result.)

The Authorization Value for this example is “Basic aGFja2luZ2FydGljbGVzOmlnbml0ZQ==”. This is the value which is sent to the server.

Finally, the server decodes the authorization value and returns the entered credentials.

Basic Authentication is a less secure method because it uses only encoding, and the authorization value can be decoded. To enhance security, there are other standards, discussed below.

RFC 2069 Digest Access Authentication

Digest Access Authentication uses the hashing methodologies to generate the cryptographic result. Here the final value is sent as a response value.

RFC 2069 authentication is now outdated, and RFC 2617, which is an enhanced version of RFC 2069, is used instead.

For the sake of understanding the syntax of RFC 2069 is explained below.

Syntax of RFC2069

Hash1 contains the MD5 hash value of (username:realm:password), where the realm is any string provided by the server, and the username and password are the input provided by the client.

Hash2 contains the MD5 hash value of (method:digestURI), where the method could be GET or POST depending on the page request, and digestURI is the URL of the page to which the request is being sent.

The response is the final string sent to the server; it contains the MD5 hash value of (hash1:nonce:hash2), where hash1 and hash2 are generated as above and the nonce is an arbitrary string, usable only one time, provided by the server to the client.

RFC 2617 Digest Access Authentication

RFC 2617 digest authentication also uses the MD5 hashing algorithm, but the final hash value is generated with some additional parameters.

Syntax of RFC2617

Hash1 contains the MD5 hash value of (username:realm:password), where the realm is any string provided by the server, and the username and password are the input provided by the client.

Hash2 contains the MD5 hash value of (method:digestURI), where the method could be GET or POST depending on the page request, and digestURI is the URL of the page to which the request is being sent.

The response is the final string sent to the server; it contains the MD5 hash value of (Hash1:nonce:nonceCount:cnonce:qop:Hash2), where Hash1 and Hash2 are generated as above. For more details on the other parameters, refer to https://technet.microsoft.com/en-us/library/cc780170(v=ws.10).aspx

The actual working of RFC2617 is described below

The webpage is asking for input from the client

We are providing “guest” as User Name and “guest” as a password.

Through Burp Suite, we capture the request so that all the parameters are captured, and we can compare the captured hash values with the hash values that we generate through another tool (a hash calculator in this case).

We have captured the values for the following parameters

The MD5 hash value is calculated as 2c6165332ebd26709360786bafd2cd49

Hash2 Syntax =MD5 (method:digestURI)

Hash2=MD5 (GET:/auth/02-2617.php)

MD5 hash value is calculated as b6a6df472ee01a9dbccba5f5e6271ca8

MD5 hash is calculated as  ac8e3ecd76d33dd482783b8a8b67d8c1

Finally, the response value obtained through the hash calculator is exactly the same as the one we captured with Burp Suite above.

Finally, the server is decrypting the response value and the following is the result
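
The Basic and Digest calculations described above, as an added example (not the author's PHP scripts): it builds and decodes the Basic value for hackingarticles:ignite and computes the RFC 2069 and RFC 2617 responses from the syntax given on this page. The Digest sample values in the usage section are the example from RFC 2617 itself, because the realm and nonce of the captured request are not shown on this page.

```python
import base64
import hashlib


def md5_hex(text):
    """MD5 of a string, as lowercase hex (what a hash calculator shows)."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(username, password):
    """Authorization Value = "Basic " + base64(username:password)."""
    value = "%s:%s" % (username, password)
    return "Basic " + base64.b64encode(value.encode("utf-8")).decode("ascii")


def decode_basic(header_value):
    """Recover the credentials from a Basic value: no key or secret is needed."""
    scheme, _, token = header_value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic authorization value")
    username, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return username, password


def digest_rfc2069(username, realm, password, method, uri, nonce):
    """response = MD5(hash1:nonce:hash2)."""
    hash1 = md5_hex("%s:%s:%s" % (username, realm, password))
    hash2 = md5_hex("%s:%s" % (method, uri))
    return md5_hex("%s:%s:%s" % (hash1, nonce, hash2))


def digest_rfc2617(username, realm, password, method, uri,
                   nonce, nonce_count, cnonce, qop="auth"):
    """response = MD5(Hash1:nonce:nonceCount:cnonce:qop:Hash2)."""
    hash1 = md5_hex("%s:%s:%s" % (username, realm, password))
    hash2 = md5_hex("%s:%s" % (method, uri))
    return md5_hex("%s:%s:%s:%s:%s:%s"
                   % (hash1, nonce, nonce_count, cnonce, qop, hash2))


if __name__ == "__main__":
    header = basic_header("hackingarticles", "ignite")
    print(header)
    print(decode_basic(header))
    # Sample values from the example in RFC 2617, not from this page's capture.
    print(digest_rfc2617("Mufasa", "testrealm@host.com", "Circle Of Life",
                         "GET", "/dir/index.html",
                         "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                         "00000001", "0a4f113b"))
```

The Basic value decodes straight back to the credentials, whereas the Digest response only ever carries MD5 output and changes whenever the server issues a new nonce.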

Author: Ankit Gupta, the author and co-founder of this website, is an ethical hacker, telecom expert and programmer from India. He has found his deepest passion to be around the world of telecom, ISP and ethical hacking.