Full Disclosure mailing list archives
Re: New Tool - Flashfxp Password Decryptor Released !
From: Valdis.Kletnieks () vt edu
Date: Mon, 09 May 2011 08:21:34 -0400
On Mon, 09 May 2011 17:38:30 +0530, Nagareshwar Talekar said:
FlashFXP stores the password for all the configured FTP sessions in the local file called âsites.datâ. Passwords are encrypted with XOR based encoding mechanism using the magic string as âyA36zA48dEhfrvghGRg57h5UlDv3â³.
A magic string of upper/lower/numeric. That just makes Baby Cryptographer Jesus cry... At that point, one has to wonder what *else* FlashFPX does terribly wrong. I'm sure you brilliant guys can find lots of hilarious uses for feeding it an ftp:// URI of your own choosing. :)
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- New Tool - Flashfxp Password Decryptor Released ! Nagareshwar Talekar (May 09)
- Re: New Tool - Flashfxp Password Decryptor Released ! Valdis . Kletnieks (May 09)
- Re: [Full-disclosure] New Tool - Flashfxp Password Decryptor Released ! Nicolai (May 09)
- Re: [Full-disclosure] New Tool - Flashfxp Password Decryptor Released ! Valdis . Kletnieks (May 09)
- Re: New Tool - Flashfxp Password Decryptor Released ! Alexander Cherepanov (May 09)
- Re: [Full-disclosure] New Tool - Flashfxp Password Decryptor Released ! Nicolai (May 09)
- Re: New Tool - Flashfxp Password Decryptor Released ! Valdis . Kletnieks (May 09)