what kind of encryption is that

Fking

click.cgi?CryptInt=tu-OmP-2cjOuK4nRCLHG5wBTRKo4/GWRqF9mAYzjOU6/ayapIzNIsTqX35xztYZF

this is the last part of a link, obviously the variables passed are encrypted
but does anyone have idea what kind of encryption it is
and if it's possible to be unencrypted?

toplay

Fking wrote:
click.cgi?CryptInt=tu-OmP-2cjOuK4nRCLHG5wBTRKo4/GWRqF9mAYzjOU6/ayapIzNIsTqX35xztYZF

this is the last part of a link, obviously the variables passed are encrypted
but does anyone have idea what kind of encryption it is
and if it's possible to be unencrypted?

No and No. Why do you want to decrypt it? :xbones:

Fking

hehe, you think i'm trying to hack something?
infact my intentions are total clean

this is for a cascading billing
i need to found the ID part in this url, and my script depending on the site used and the affiliate using it, will build the link again, dinamicly

dalecosp

Well, if it's decryptable, it ain't md5, right?

And, it might even be something that PHP doesn't do. *.cgi could easily be PERL, Ruby, etc.

Fking

i dunno if it's decryptable

Fking

but the string which sha1() makes is 40 chars
md5, 32 chars
these are 3 string less than 20 chars each...
so it should be something else

laserlight

hehe, you think i'm trying to hack something?
infact my intentions are total clean

In which case why ask us, why not ask the administrator of the relevant website?

Weedpacket

Most of it looks like base64 encoding, presumably to make it URL-compatible. The significance of the bit sequence it's encoding is another matter entirely ... it might even be totally random.

LoganK

dalecosp wrote:
And, it might even be something that PHP doesn't do. *.cgi could easily be PERL, Ruby, etc.

I wasn't aware *.cgi was a valid extension...I thought all CGI programs reside in the cgi-bin.

toplay

There's nothing to stop you from using .cgi to signify PHP really:

http://us2.php.net/security.hiding

🙂

Drakla

LoganK wrote:
I wasn't aware *.cgi was a valid extension...I thought all CGI programs reside in the cgi-bin.

If you want to run php with your credentials, and not as nobody and your server is running SuExec then you do put the php script in the cgi bin, this will tell you if you're you

#!/usr/bin/php
<?php	// CGI-BIN
system("/usr/bin/whoami");
?>

Put it in the cgi bin, make it executable. Try that outside the bin where you're just a faceless fish again, swimming with the shoal.

LoganK

Thanks for the tip 😃

bbreslauer

cgi-bin is just a common folder that most http servers use, but it can be any folder, as long is it has certain permissions on it.