Vulnerability Development mailing list archives
Re: [Fwd: R: Oulook password]
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Tue, 18 Apr 2000 22:25:15 -0700
Thanks for tracking that down. On mine (Win98) there's some other interesting stuff there, too.. I see some hotmail login stuff (wife uses Hotmail) and even a couple items for securityfocus.com. I'm starting to wonder if this is related to the password remembering feature in IE as well. The encoding alg. doesn't leap out at me, but I'll poke at it a bit. BB Gerardo wrote:
HKCU\software\microsoft\internet Account Manager\Accounts\0000000x Outlook 4That´s not the encrypted password. If you take those numbers and any ascii table, translate it you´ll get someting like this: 1-2- "G"-0-"e"-0-"r"-0-"a"-0-"r"-0-"d"-0-"o"-0-"2"-0-"7"-0-"D"-0-"0"-0-"4"-0-"3"-0-"A"-0-"0"-0-0 Take out the zeroes and he first two bytes (ther are always the same two, I think the say which kind of account it is) and you get: "Gerardo27D043A0" This is my account name (is the same for all the accounts) followed by 8 numbers, and they don´t change if you change your pass so they are not the encrypted password either. May be some kind of index to somewhere else? Let´s search for it in the register, ok?... mmm... OOPS!!! there it is! In fact, there are all my other accounts too! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Default*\Data\220d5cc1-853a-11d0-84bc-00c04fd43f8f\417e2d75-84bd-11d0-84bb-00c04fd43f8f\Gerardo27D043A0 There ares two values inside the key, and the first one (Behavior) doesn´t change with diferent accounts, so the other one must the password. Voila! : ) Happy password cracking!!!! =)
Current thread:
- Re: [Fwd: R: Oulook password] Gerardo (Apr 15)
- Re: [Fwd: R: Oulook password] Blue Boar (Apr 18)
- Re: [Fwd: R: Oulook password] Blue Boar (Apr 18)
- Re: [Fwd: R: Oulook password] Kurt Buff (Apr 19)
- Re: [Fwd: R: Oulook password] Dave Parkin (Apr 19)
- Re: [Fwd: R: Oulook password] Olle Segerdahl (Apr 19)
- Re: [Fwd: R: Oulook password] Blue Boar (Apr 18)
- <Possible follow-ups>
- Re: [Fwd: R: Oulook password] Dave Parkin (Apr 19)
- Re: [Fwd: R: Oulook password] Blue Boar (Apr 18)