Vulnerability Development mailing list archives

Re: ICQ Pass Cracker.


From: kerb () FNUSA COM (Kerb)
Date: Sun, 30 Jan 2000 13:45:21 -0600


On Wednesday, January 26, 2000 11:03 PM, Blue Boar [SMTP:BlueBoar () THIEVCO COM]
wrote:
| WolF Knox wrote:
| > One day i was doing absolutely nothing on the net and i though, hell,
| > why not make a password crack for ICQ since it's only 8 chars? something
| > like, you put that long-lost-UIN-with-fake-email in a field and the
| > program will try all the possibles combinations to discover the
| > password, of course, 8 chars is relatively small....the program would
| > need to have some kind of pause/resume system, like you try today, you
| > need to disconnect, you pause, go offline, later you come back and try
| > again resuming since the point you stopped.
|
| Please elaborate.  Is there a local ICQ password on the HD that can be
| poked at?  Do you know what the allowed character set is?  Or are you
| talking about bruting the ICQ servers?  If it's the latter, 8 characters
| can take a long, long time across a network, and that's assuming there is
| no lockout feature.
|
|                                       BB

        I am sure there ( are | can easily be written ) local crackers for ICQ.
At least version 99a.  If you check back in BugTraq from approx. 4 - 6 months
ago, there was a message about ICQ99 storing passwords in cleartext in
<youruin>.dat.  I have examined my dat files, but they are so cluttered that I
cannot find a pattern on where it is stored.  It is never on the same line in
every file, and nothing else I could find to mark a definite spot on where it
would be.  I'm sure someone can find that pattern.  Hell, a "strings
123456.dat | grep -v iU" would narrow down your search by probably half
(iUserSound, etc. all over the file).  As far as cracking it via the ICQ
servers, I find that at least mildly retarded.  You figure 256^8 + 256^7 +
256^6, etc. etc. etc. comes out with a whole helluva lot of possible passwords
(and yes, control chars CAN be used) that would take forever on even a T1, and
would leave a horrible mess in the logs on the servers.  Call me crazy, but
I'd probably notice it.

        -Kerb-
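The keyspace figure in the post above (256^8 + 256^7 + ...) is the part of the argument a reader is most likely to want to check, and it hinges on the assumption that every 8-bit byte is a legal password character. The following is an added example, not code from the thread or from any ICQ tool: it computes that sum in closed form for an 8-character maximum over several candidate alphabets, and converts it into years at an assumed online guess rate. The 100 attempts/second figure is an assumption chosen for illustration, not a measured number for a T1 or for the ICQ servers, and the calculation ignores any server-side lockout.

```python
# Added example for the ICQ password discussion: how big is the keyspace Kerb
# is estimating, and how much does the alphabet assumption change the answer?
# Nothing here talks to a server; it is pure arithmetic on the search space.

SECONDS_PER_YEAR = 365.25 * 86400

# Candidate alphabets for an 8-character-maximum password.  The first entry is
# the post's own assumption (any byte, control characters included).
CHARSETS = {
    "any 8-bit byte (post's assumption)": 256,
    "printable ASCII 0x20-0x7e": 95,
    "alphanumeric [A-Za-z0-9]": 62,
    "lowercase letters only": 26,
}

# ASSUMPTION for illustration only: 100 login attempts per second across the
# network.  This is not a measured rate for a T1 link or for the ICQ servers.
ASSUMED_ONLINE_RATE = 100.0


def keyspace(alphabet_size: int, max_len: int, min_len: int = 1) -> int:
    """Number of passwords of length min_len..max_len over the alphabet.

    With alphabet_size=256 and max_len=8 this is exactly the sum
    256^8 + 256^7 + ... + 256^1 from the post, evaluated as a geometric series:
        sum_{k=min}^{max} a^k = (a^(max+1) - a^min) / (a - 1)   for a > 1
    Python ints are arbitrary precision, so no overflow for these sizes.
    """
    if alphabet_size < 1 or min_len < 1 or max_len < min_len:
        raise ValueError("alphabet_size and lengths must be positive, max >= min")
    if alphabet_size == 1:
        # Degenerate alphabet: exactly one password per length.
        return max_len - min_len + 1
    return (alphabet_size ** (max_len + 1) - alphabet_size ** min_len) // (alphabet_size - 1)


def years_to_exhaust(space: int, attempts_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guess rate, in years."""
    if attempts_per_second <= 0:
        raise ValueError("rate must be positive")
    return space / attempts_per_second / SECONDS_PER_YEAR


def shrink_factor(full_alphabet: int, restricted_alphabet: int, max_len: int = 8) -> float:
    """How many times smaller the search becomes if the real alphabet is
    restricted_alphabet instead of full_alphabet (the point Blue Boar's
    character-set question is really asking)."""
    return keyspace(full_alphabet, max_len) / keyspace(restricted_alphabet, max_len)


def report(max_len: int = 8, rate: float = ASSUMED_ONLINE_RATE):
    """One row per alphabet: (label, alphabet size, keyspace, years at rate)."""
    rows = []
    for label, size in CHARSETS.items():
        space = keyspace(size, max_len)
        rows.append((label, size, space, years_to_exhaust(space, rate)))
    return rows


if __name__ == "__main__":
    for label, size, space, years in report():
        print(f"{label:36s} |A|={size:3d}  keyspace={space:>22,d}  years={years:,.0f}")
    print(f"full-byte vs printable-ASCII search ratio: {shrink_factor(256, 95):,.0f}x")
```

Even at the assumed rate the worst case over all 8-bit bytes runs to billions of years, so the post's conclusion holds comfortably; what the table adds is that the alphabet assumption alone moves the answer by more than a thousandfold, which is why the first question to answer before building any cracker is what characters the client actually lets you type.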

