.

Hashing of URLs in registry (IE7)

<<

sommersb

Newbie
Newbie

Posts: 6

Joined: Mon Dec 22, 2008 2:36 pm

Post Wed Jun 02, 2010 3:06 pm

Hashing of URLs in registry (IE7)

I'm trying to debug a problem we have with an in-house web app and saved passwords.  In doing so I've run into something of a roadblock.  I've read how IE7 saves passwords under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2

Apparently the key name should be a SHA1 hash of the URL, and then the data is the encrypted login data.  What is throwing me is trying to verify the hashes.  If I take a simple URL and then have IE save my password at that site, I see a new key created.  I'd like to know exactly what string (URL) is used to generate this key.  When I take the URL and generate a hash in Linux (sha1sum), I get a 40 character hex string (20 bytes).  When I look in the registry, all of the entries in Storage2 are 42 characters (21 bytes).

I found a couple of references that said the first byte in the registry was some sort of checksum, but removing that still doesn't get me the right answer.

To further confuse matters, if I generate a sha1 sum on my linux box, I get a different hash than from several websites.  Clearly I am missing something.  For example:

#echo hello | sha1sum
f572d396fae9206628714fb2ce00f72e94f2258f  -

but when I visit several sites that claim to have hash generators, the string "hello" produces this value:
aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
(http://www.daveproxy.co.uk/tools/sha1_h ... erator.php)
(http://www.ideaspace.net/misc/hash/)
(http://pajhome.org.uk/crypt/md5/)

So what am I doing wrong?

Thanks, Brian
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed Jun 02, 2010 4:38 pm

Re: Hashing of URLs in registry (IE7)

The echo command will append a trailing "newline" char to your string.  That will throw off the hash value.  Check out the following link:

http://www.mydigitallife.info/2008/12/10/how-to-calculate-and-generate-md5-hash-value-in-linux-and-unix-with-md5sum/
~~~~~~~~~~~~~~
Ketchup
<<

sommersb

Newbie
Newbie

Posts: 6

Joined: Mon Dec 22, 2008 2:36 pm

Post Wed Jun 02, 2010 8:44 pm

Re: Hashing of URLs in registry (IE7)

Ah, very good catch - thanks!

Now I just need to figure out how IE creates the hashes from URLs in the registry...
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed Jun 02, 2010 10:33 pm

Re: Hashing of URLs in registry (IE7)

There must be some sort value prepended or appended to the URL.  I can't quite get the hash in the registry to match the actual URL. 

I know that Cain and Abel can extract these passwords.  Also another utility called IEPassView can do the same (http://www.nirsoft.net/utils/internet_e ... sword.html)

Perhaps this link will help from a development perspective.  (I haven't had the chance to read it).

http://www.insidepro.com/doc/pc002e.shtml
~~~~~~~~~~~~~~
Ketchup

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software