Coldfusion Encryption and Perl Decryption - perl

I have a situation where I need to encrypt content in Coldfusion and then decrypt in Perl. Here's a sample Coldfusion code:
<cfscript>
input = "Amidst the roar of liberated Rome, Of nations freed, and the world overjoy'd";
encryptionKey = "8kbD1Cf8TIMvm8SRxNNfaQ==";
encryptedInput = encrypt( input, encryptionKey, "AES/ECB/PKCS5Padding", "hex" );
writeOutput( "Encrypted Input: #encryptedInput# <br />" );
</cfscript>
This produces:
27B0F3EB1286FFB462BDD3F14F5A41724DF1ED888F1BEFA7174CA981C7898ED2EF841A15CDE4332D030818B9923A2DBA0C68C8352E128A0744DF5F9FA955D3C72469FEFDAE2120DE5D74319ED666DDD0
And the Perl:
use 5.24.1;
use Crypt::ECB qw(encrypt_hex);
my $input = "Amidst the roar of liberated Rome, Of nations freed, and the world overjoy'd";
my $encryption_key = "8kbD1Cf8TIMvm8SRxNNfaQ==";
my $encrypted_input = encrypt_hex($encryption_key, 'Rijndael', $input);
say $encrypted_input;
This produces:
e220ff2efe5d41e92237622ba969f35158d20e2c9c44995d44136d928d517462980321d4d6193fe62dc942fd717128442972524207777366954e5ceb2d1812ac997e06767a27d6a0145176d717c3836b
Why is the encrypted content different? Does anyone have any insights into this?

Your encryption key is base64 encoded, but Crypt::ECB expects a raw byte string (this isn't clear from the docs, though).
use Convert::Base64;
...
my $encryption_key = decode_base64("8kbD1Cf8TIMvm8SRxNNfaQ==");
...
New output:
27b0f3eb1286ffb462bdd3f14f5a41724df1ed888f1befa7174ca981c7898ed2ef841a15cde4332d030818b9923a2dba0c68c8352e128a0744df5f9fa955d3c72469fefdae2120de5d74319ed666ddd0

Related

Determining the hash type I am working with for use in hashcat

I am trying to crack some hashed information because the passcode was lost to us. I have the hashed information in the database, and the code that was used to encrypt it. It goes through cryptastic which appears to use rijndael-256 and pbkdf2, as far as my ignorant self can tell:
public function encrypt($msg, $k, $base64 = false)
{
# open cipher module (do not change cipher/mode)
if (!$td = mcrypt_module_open('rijndael-256', '', 'ctr', ''))
return false;
$msg = serialize($msg); # serialize
$iv = mcrypt_create_iv(32, MCRYPT_RAND); # create iv
if (mcrypt_generic_init($td, $k, $iv) !== 0) # initialize buffers
return false;
$msg = mcrypt_generic($td, $msg); # encrypt
$msg = $iv . $msg; # prepend iv
$mac = $this->pbkdf2($msg, $k, 1000, 32, 'sha256'); # create mac
$msg .= $mac; # append mac
mcrypt_generic_deinit($td); # clear buffers
mcrypt_module_close($td); # close cipher module
if ($base64)
$msg = base64_encode($msg);# base64 encode?
return $msg; # return iv+ciphertext+mac
}
And in the end looks like this: wWTWLPvXT9YRz2Zj+Og0EwTTSEiZGdjAQ1TRhycJA9jusjQ2mTpptw3hSM1XJ9yPw+4XvsvFASe08AbLr3BT0LFnvGsYPrq87yI= (I know this to be a 3 digit number if that helps at all)
So I am trying to use hashcat to recover our information and I am not certain I am using the correct hash-type. I am checking this page here: https://hashcat.net/wiki/doku.php?id=example_hashes and searching for 'pbkdf2' and looking at all the hits.
The best match as far as I can tell is 9200/Cisco-IOS $8$ (PBKDF2-SHA256) except that that seems to have a header of $8$, and none of my information has any headers at all, and no $ characters. Everything else with PBKDF2 in it doesn't seem to be a match either so I find myself kind of lost before I've even gotten started.
I also noticed my hashed info always had == on the end, but only for the longer information being encrypted, in the list Juniper IVE seems to fit that format but the name doesn't match anything I can see in cryptastic.
I'm mostly ready to go aside from this as far as I can tell, I have my custom rules set up since I know how we create the initial passcodes and the hashes are in a file to be read, it's just this hash-type selection that is blocking me.
Any help appreciated!

Parsing email with Email::MIME and multipart/signed

I'm a perl novice trying to figure out how to decode a MIME-encoded email with multiple parts. I'm not sure of conventions, so I'll just include the pieces of the email that I believe are relevant:
Content-Type: multipart/mixed; boundary="===============3385789078715843912=="
Mime-Version: 1.0
--===============3385789078715843912==
Content-Type: multipart/signed; micalg="pgp-sha256";
protocol="application/pgp-signature"; boundary="=-0+dmFxz+BsFOEAAxvudu"
--=-0+dmFxz+BsFOEAAxvudu
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: base64
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT0KVWJ1bnR1IFNlY3VyaXR5IE5vdGljZSBVU04tMzIxMC0xCkZlYnJ1
YXJ5IDIzLCAyMDE3CgpMaWJyZU9mZmljZSB2dWxuZXJhYmlsaXR5Cj09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
CgpBIHNlY3VyaXR5IGlzc3VlIGFmZmVjdHMgdGhlc2UgcmVsZWFzZXMgb2YgVWJ1bnR1IGFuZCBp
dHMgZGVyaXZhdGl2ZXM6CgotIFVidW50dSAxNi4wNCBMVFMKLSBVYnVudHUgMTQuMDQgTFRTCi0g
I've got the following bit of code:
my $msg = Email::MIME->new($buf);
for my $part ($msg->parts) {
if ($part->content_type =~ m!multipart/mixed!
or $part->content_type eq '' )
{
print "Found Multipart";
for my $subpart ($part->parts) {
print $subpart->body;
}
}
}
I really don't know what to do next. I've had a dozen different variations on this, and haven't gotten any closer after four hours of working on it. I'd appreciate if someone could help me identify the proper perl modules and functions to be used to read this text sub-part of a signed email.
The documentation of Email::MIME suggests not to use parts, because it's a stupid method. It returns its own object if there are no parts. That is weird.
Instead use the subparts method to get the parts of the email. Then use it again to iterate all parts of that part. If there are any, it will go in. Print the body of that sub part and you're done.
foreach my $part ( $msg->subparts ) {
foreach my $sub_part ($part->subparts) {
print $sub_part->body;
}
}

Perl split string at character entity reference

Quick Perl question with hopefully a simple answer. I'm trying to perform a split on a string containing non breaking spaces ( ). This is after reading in an html page using HTML::TreeBuilder::XPath and retrieving the string needed by $titleString = $tree->findvalue('/html/head/title')
use HTML::TreeBuilder::XPath;
$tree = HTML::TreeBuilder::XPath->new;
$tree->parse_file( "filename" );
$titleString = $tree->findvalue('/html/head/title');
print "$titleString\n";
Pasted below is the original string and below that the string that gets printed:
Mr Dan Perkins (Active)
Mr?Dan Perkins?(Active)
I've tried splitting $titleString with #parts = split('\?',$titleString); and also with the original nbsp, though neither have worked. My hunch is that there's a simple piece of encoding code to be added somewhere?
HTML code:
<html>
<head>
<title>Dan Perkins (Active)</title>
</head>
</html>
You shouldn't have to know how the text in the document is encoded. As such, findvalue returns an actual non-breaking space (U+00A0) when the document contains . As such, you'd use
split(/\xA0/, $title_string)
-or-
split(/\x{00A0}/, $title_string)
-or-
split(/\N{U+00A0}/, $title_string)
-or-
split(/\N{NBSP}/, $title_string)
-or-
split(/\N{NO-BREAK SPACE}/, $title_string)

Decode the utf8 to ISO-8859-1 mail subject to text in .procmailrc file

Set out to write a simple procmail recipie that would forward the mail if it found the text "ABC Store: New Order" in the subject.
:0
* ^(To|From).*abc#cdefgh.com
* ^Subject:.*ABC Store: New Order*
{
Unfortunately the subject field in the mail message coming from the mail server was in MIME encoded-word syntax.
Subject: =?UTF-8?B?QUJDIFN0b3JlOiBOZXcgT3JkZXI=?=
The above subject is utf-8 ISO-8859-1 charset, So was wondering if there are any mechanisms/scripts/utilities to parse this and convert to string format so that I could apply my procmail filter.
You may use perl one liner to decode Subject: before assigment to procmail variable.
# Store "may be encoded" Subject: into $SUBJECT after conversion to ISO-8859-1
:0 h
* ^Subject:.*=\?
SUBJECT=| formail -cXSubject: | perl -MEncode=from_to -pe 'from_to $_, "MIME-Header", "iso-8859-1"'
# Store all remaining cases of Subject: into $SUBJECT
:0 hE
SUBJECT=| formail -cXSubject:
# trigger recipe based also on $SUBJECT content
:0
* ^(To|From).*abc#cdefgh.com
* SUBJECT ?? ^Subject:.*ABC Store: New Order
{
....
}
Comment (2020-03-07): It may be better to convert to UTF-8 charset instead of ISO-8859-*.
You should use MIME::EncWords.
Like this
use strict;
use warnings;
use 5.010;
use MIME::EncWords 'decode_mimewords';
my $subject = '=?UTF-8?B?QUJDIFN0b3JlOiBOZXcgT3JkZXI=?=';
my $decoded = decode_mimewords($subject);
say $decoded;
output
ABC Store: New Order

How to decode an email attachment received as a Base64 text

I have an email backup file which is purely text. How can I retrieve the document (PDF, images, word files) attached to it as a normal file?
Select the long string of text which appears in your email. That is probably one of the attachments, it usually starts like this:
--bcaec554d754b0f76a04d9fda578--
--bcaec554d754b0f77204d9fda57a
Content-Type: application/pdf; name="test.pdf"
Content-Disposition: attachment; filename="Otest.pdf"
Content-Transfer-Encoding: base64
X-Attachment-Id: 9ba6310dffca527f_0.1
Copy this long string and paste it in the Base64 decoder found here.
Download the output and rename it by adding the appropriate extension to it. For example testfile.pdf or filename.docx.
There you go. You just recreated your lost attachment using Base64 decoding.
This is how to do it in PHP decode to a file
function base64_to_jpeg( $inputfile, $outputfile ) {
/* read data (binary) */
$ifp = fopen( $inputfile, "rb" );
$imageData = fread( $ifp, filesize( $inputfile ) );
fclose( $ifp );
/* encode & write data (binary) */
$ifp = fopen( $outputfile, "wb" );
fwrite( $ifp, base64_decode( $imageData ) );
fclose( $ifp );
/* return output filename */
return( $outputfile );
}
in HTML if you want to just display in web / using HTML
<img src="data:image/png;base64,Your_Base_64_Code_Here">
You can use For use as CSS background:
url('data:image/png;base64,Your_Base_64_Code_Here')