Full Disclosure mailing list archives
RE: Backdoor not recognized by Kaspersky
From: "Thor Larholm" <thor () pivx com>
Date: Wed, 3 Mar 2004 18:03:05 -0800
From: Larry Seltzer [mailto:larry () larryseltzer com]if you can read the users login credentials to his corporate mailserver you are far better off.
Rather casually put. How would you do this? I've heard how Swen asks the user for their credentials, but if you know a general crack for obtaining them I'd say that's news.
I wouldn't call it news, try googling for "Outlook Express Password Recovery" and you will find numerous commercial solutions that programmatically give you the password. It's stored in a key called Password2 under HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\00000001 where 00000001 is the account number. The same applies to Outlook and any other mail application that allows the user to store their password locally. Since POP3 and SMTP are plaintext protocols the login credentials need to be stored in a form that can have them decrypted. Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor () pivx com Phone: +1 (949) 231-8496 PGP: 0x5A276569 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Backdoor not recognized by Kaspersky, (continued)
- RE: Backdoor not recognized by Kaspersky Larry Seltzer (Mar 03)
- RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)
- RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)
- RE: Backdoor not recognized by Kaspersky Larry Seltzer (Mar 04)
- RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 04)
- ProFtp bufferoverflow. Frederic Charpentier (Mar 04)
- Re: ProFtp bufferoverflow. Andreas Gietl (Mar 04)
- RE: ProFtp bufferoverflow. Epic (Mar 04)
- Re: ProFtp bufferoverflow. Andreas Gietl (Mar 04)
- RE: Backdoor not recognized by Kaspersky Larry Seltzer (Mar 03)
- RE: Critical WFTPD buffer overflow vulnerability Geo. (Mar 04)
- Re: Backdoor not recognized by Kaspersky Valdis . Kletnieks (Mar 04)