Lastpass auth help

Discussion in 'Cracking Discussions & Help Forum' started by NicePanda, Nov 16, 2015.

  1. NicePanda

    NicePanda Basic Member

    Hi crackingcore,

    So I tried to make a LastPass config today but I'm stuck at one last part.

    If you debug the login of LastPass (mobile and web are the same) you get this:

    POST https://lastpass.com/login.php? HTTP/1.1
    Host: lastpass.com
    Connection: keep-alive
    Content-Length: 449
    Accept: */*
    Origin: https://lastpass.com
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Referer: https://lastpass.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4
    Cookie: lang=nl_NL; __utma=266529555.1991897462.1446468180.1447700306.1447703199.5; __utmb=266529555.1.10.1447703199; __utmc=266529555; __utmz=266529555.1447697574.3.2.utmcsr=alternativeto.net|utmccn=(referral)|utmcmd=referral|utmcct=/software/lastpass/; PHPSESSID=p51Fn5uVkm98fQG2iAroc8t1Kt1

    method=web&hash=9bc5f2811c99eddda7a0e9f747c972194b311e3abb59b20ccd089530b5ec281d&xml=1&adlogin=&username=test%40gmail.com&fullusername=&encrypted_username=1mbeQi9ehdHXvD4gmTbVrQ%3D%3D&otp=&gridresponse=&multifactorresponse=&trustlabel=&uuid=&sesameotp=&lcid=&lcidhash=&domain=&iterations=1&origusername=&outofbandsupported=1&outofbandrequest=0&outofbandretry=0&outofbandretryid=&starttrial=0&canexpire=1&cansetuuid=0&email=test%40gmail.com&password=
    I already found out how to do the hash= but I'm still struggling on how to do the "encrypted_username" ...

    In this example I used test@gmail.com and in the source of the login page you see this:

    var eu = get("encrypted_username");
    eu.value = enc(u.value);
    This makes the hash 1mbeQi9ehdHXvD4gmTbVrQ==

    Via Chrome debugger: [image not included]

    So if anyone knows what enc() does and how to implement this in Sentry, reply here or shoot me a PM. Thanks :)
     
  2. Luxor

    Luxor Member

    Whew, totally irrelevant, but how'd you even get the hash? I mean I get it is SHA256(SHA256(fix_username(g_username) + res[0].getAttribute("type")) I don't get the second part of getAttribute, I tried double encrypting the username with sha256 but it gives a different value! How'd you do that?
     
  3. NicePanda

    NicePanda Basic Member

    That's just sha256(sha256(email and password)password). Took me a while to find it :)
     
    Luxor likes this.
  4. sidorovcash

    sidorovcash Member

    What it does is AES encryption:



    function enc(a, b, c) {
        if ("undefined" != typeof lp_iscbc && lp_iscbc && !c)
            return enccbc(a, b);
        if (null == a || 0 == a.length)
            return "";
        if (!("undefined" != typeof b && null != b)) {
            if ("string" != typeof g_local_key || 0 == g_local_key.length) {
                if ("undefined" == typeof ischrome || lploggedin)
                    g_one_alert || (g_one_alert = 1,
                    alert("No encryption key found, forcing logoff!")),
                    force_logout();
                return ""
            }
            b = g_local_key
        }
        return AES.Encrypt({
            pass: b,
            data: a,
            b64: !0,
            bits: 256
        })
    }


    As you can see, it relies on some global variables, such as g_local_key. I am not sure how you are gonna get that though.
     