EvilZone

Hacking and Security => Hacking and Security => Topic started by: xor on June 11, 2015, 05:29:08 AM

Title: [Password Recovery] MYOB EXO Payroll
Post by: xor on June 11, 2015, 05:29:08 AM

MYOB Exo Payroll is an payroll package used by a lot of small companies.
My accounts department didn't want to give me access to the file, to do file verification, so I had to find out the password myself.

Login details for all accounts are stored in the APPUSERS.DBF file.
You can read it using any text editor.

MYOB appear to be using a straight swap cipher to encode their passwords:
Numbers appear to be unswapped.

Here is an example of some ciphered (CPASS) and deciphered (DPASS) passwords.
The translation table is listed below.


CPASS    DPASS
---------------
IZX97    KQE97
BJ8959   CJ8959
BMULW    CFTHY
0268     0268
---------------


A = M
B = N
C = B
D = V
E = C
F = X
G = Z
H = L
I = K
J = J
K = H
L = G
M = F
N = D
O = S
P = A
Q = P
R = O
S = I
T = U
U = Y
V = T
W = R
X = E
Y = W
Z = Q
1 = 1
2 = 2
3 = 3
... etc








-- xor

Title: Re: [Password Recovery] MYOB EXO Payroll
Post by: kenjoe41 on June 15, 2015, 12:21:21 AM

Can't believe this is still used. Not even a high school kid uses these cipher encodings to store there passwordsin there play programs.