Nmap Development mailing list archives
Re: Including sqlite for Lua?
From: Gutek <ange.gutek () gmail com>
Date: Mon, 05 Apr 2010 17:57:59 +0200
Nothing to do with Lua, but sqlite: we published something about the way FF stores the credentials a few months ago. It was for a password manager. I've translated the paper for you, if this could help:

""
Since a few versions, Firefox stores saved passwords in a SQLite database named signons.sqlite, instead of the previous text-file format (signons2.txt, signons3.txt).

Regarding encryption, it's 3DES (EDE mode), and the key is stored inside key3.db. So, in order to decipher and retrieve those credentials we have to use the PKCS#11 API and NSS (Network Security Services), a crypto library developed by Mozilla and obviously used by Firefox.

Quickly, starting to develop this tiny code which seemed trivial to me at the beginning, I noticed that the difficulty was strangely not due to the code itself, but to Mozilla's NSS API, which is very poorly documented (second link with the key words "nss api" on Google: “NSS API is lack of doc | Linux Developer Network” ...). Finally I preferred reverse engineering a closed-source malware with Ollydbg, which was retrieving those credentials for malicious purposes.

Those libraries apart (for the crypto side of the problem), we'll have to use SQLite so as to read signons.sqlite. Here is the schema for the moz_logins table which interests us:

    CREATE TABLE moz_logins (
        id INTEGER PRIMARY KEY,
        hostname TEXT NOT NULL,
        httpRealm TEXT,
        formSubmitURL TEXT,
        usernameField TEXT NOT NULL,
        passwordField TEXT NOT NULL,
        encryptedUsername TEXT NOT NULL,
        encryptedPassword TEXT NOT NULL,
        guid TEXT,
        encType INTEGER
    );

...And here is the code, in C, with a light use of the win32 API, which allows us to retrieve the credentials:
(too long to post here, see http://fz-corp.net/?p=199 )

See also http://github.com/lacostej/firefox_password_dump for a variant.
""

Regards,
A.G.