Vulnerability Development mailing list archives
Re: [Fwd: R: Oulook password]
From: gere () MAILROOM COM (Gerardo)
Date: Sat, 15 Apr 2000 18:01:23 -0300
HKCU\software\microsoft\internet Account Manager\Accounts\0000000x Outlook 4
That's not the encrypted password. If you take those numbers and any ASCII table and translate it, you'll get something like this:

1-2- "G"-0-"e"-0-"r"-0-"a"-0-"r"-0-"d"-0-"o"-0-"2"-0-"7"-0-"D"-0-"0"-0-"4"-0-"3"-0-"A"-0-"0"-0-0

Take out the zeroes and the first two bytes (they are always the same two, I think they say which kind of account it is) and you get:

"Gerardo27D043A0"

This is my account name (it is the same for all the accounts) followed by 8 numbers, and they don't change if you change your pass, so they are not the encrypted password either. Maybe some kind of index to somewhere else? Let's search for it in the registry, ok?... mmm... OOPS!!! There it is! In fact, there are all my other accounts too!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Default*\Data\220d5cc1-853a-11d0-84bc-00c04fd43f8f\417e2d75-84bd-11d0-84bb-00c04fd43f8f\Gerardo27D043A0

There are two values inside the key, and the first one (Behavior) doesn't change with different accounts, so the other one must be the password. Voila! : )

Happy password cracking!!!! =)
Ps. Sorry for my english!
Me too! : ) Bye! Gerardo.-
From far, far away...

-----Original Message-----
From: Blue Boar [SMTP:BlueBoar () THIEVCO COM]
Sent: Saturday, April 15, 2000 2:28 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: [Fwd: R: Oulook password]

Hap2782 wrote:

HKCU\software\microsoft\internet Account Manager\Accounts\0000000x Outlook 4

-----Original Message-----
From: Blue Boar <BlueBoar () thievco com>
To: Hap2782 <Hap2782 () LIBERO IT>
Date: Saturday, April 15, 2000 18.51
Subject: Re: Oulook password

Where does the key live? (What registry path)
What version of Outlook are you looking at?

BB

Hap2782 wrote:

What's the algorithm used by Outlook to crypt pop3-passwords into registry?
Ps. Sorry for my english!
Thank you