Crack .Net Sofware Authentication
I want to crack a dot net framework software that uses mysql coonection to validate the user.
First I used wireshark to capture some packets to see what is inside the box:
1 - The software uses a mysql login request, with user=activation and password=6462xe... (that of course is encrypted) to the host 177.xxx.xxx.xxx:3306.
2 - After the response is ok it does another query "SHOW VARIABLES" then it gets 12 responses
3 - After the responses, its does another series of querys, "SHOW COLLATION", "SELECT DATE_FORMAT(expiration....) from ACCOUNTS WHERE EMAIL=XXXX.XXXX"
4 - The querys continues, I already know a little about mysql, and I know and understand all the queries for this authetication.
Now the problem is that I dont know how to edit the responses that I received to control this authetication.
Correct if I am wrong:
1 - I need to change the target host ip, to my ip localhost.
2 - I have to emulate all the login response and querys in my localhost.
At first I tried to use fiddler2 to sniff and edit, but it only gets HTTP requests. Can someone tell me a tool that could help me with this or show me the right way to do ?
Is my first time cracking.
Thanks