Password Crack?

Tricks, Hacks, Tools, other Add-ons, etc.

Moderators: Big-O Ryan, Big-O Mark

fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Post by fuuucckkers »

xWastedMindx wrote:
Plasma2002b wrote:hey wasted.... where did ya end up getting that from anyways? im sure id find it if i were to look, but i never bothered before.

j/w
Getting What? From Where? what are you talking about?
Are you talking about where in the registry??

If that's what you're talking about.. here:
HKEY_CURRENT_USER\Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users\YOUR LOGIN NAME\Login

But of course that is on Windows.. I know it's different with NT/2000/XP
aaii
Addict
Addict
Posts: 33
Joined: Mon Oct 07, 2002 1:49 pm
Contact:

Post by aaii »

to stop the average layman who knows how to use regedit from getting it. Just because how to do it can be typed out in a few lines doesn't mean that it would be easy :D

Many programs use a two-way hash, you need to if the password must be retrieved later. If your program can revert it back to its original form while you are logged on then it is theoretically possible for you to get that password.
fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Post by fuuucckkers »

aaii wrote:to stop the average layman who knows how to use regedit from getting it. Just because how to do it can be typed out in a few lines doesn't mean that it would be easy :D

Many programs use a two-way hash, you need to if the password must be retrieved later. If your program can revert it back to its original form while you are logged on then it is theoretically possible for you to get that password.
You sound like you know what you're talking about. You into programming or the sort? :)
User avatar
Plasma2002b
Extreme Groupie
Extreme Groupie
Posts: 976
Joined: Thu Jul 18, 2002 11:36 pm
Location: Riverside, Ca
Contact:

Post by Plasma2002b »

ehh.... true....
but i really dont think aim would leave this kinda thing around so users could exploit it. like said above, its probably an in-house thing they figured up themselves.... like somehow that only the encrypted can be decrypted using only one algorith that the aim server has......

if im not making sense , i dont doubt it. im not really all into password algorithms and decoding with them and the such.
Image

its teh infamous life of brian gaut to teh max0r!
aaii
Addict
Addict
Posts: 33
Joined: Mon Oct 07, 2002 1:49 pm
Contact:

Post by aaii »

xWastedMindx wrote:
aaii wrote:to stop the average layman who knows how to use regedit from getting it. Just because how to do it can be typed out in a few lines doesn't mean that it would be easy :D

Many programs use a two-way hash, you need to if the password must be retrieved later. If your program can revert it back to its original form while you are logged on then it is theoretically possible for you to get that password.
You sound like you know what you're talking about. You into programming or the sort? :)
I dabble ;)
aaii
Addict
Addict
Posts: 33
Joined: Mon Oct 07, 2002 1:49 pm
Contact:

Post by aaii »

Plasma2002b wrote:ehh.... true....
but i really dont think aim would leave this kinda thing around so users could exploit it. like said above, its probably an in-house thing they figured up themselves.... like somehow that only the encrypted can be decrypted using only one algorith that the aim server has......

if im not making sense , i dont doubt it. im not really all into password algorithms and decoding with them and the such.
It does very much depend on whether the client sends the password in its encoded form (as I stated ;)). If it does then my method is pretty meaningless. Perhaps it's time to fire up my packet sniffer and API hooker :lol:. Though, I really can't be arsed as I have no use for hacking passwords :)

I'm sure they have thought it through a lot more after what happened in the previous versions.
ziekke
Just Registered
Just Registered
Posts: 4
Joined: Sun Dec 29, 2002 11:07 am
Contact:

Passwords...

Post by ziekke »

Well, considering the fact that sending an unencrypted password over the net isnt the kind of thing done these days, its highly unlikely that the passwords for your AIM profile go out plain-text.

xWastedMindx, I think you need to relax a little on the "Post Reply" button, as most of your posts make little or no sense. :roll:

It may be all find and dandy to figure out how the passwords are encrypted, then crack your own (as you conveniently have access to your own registry, where this encrypted password is stored). You now need to find a way to obtain this information from the person's password you are trying to crack.

Are you going to physically get into their computer and snag this information from their registry? Given the nature of the original question, its highly unlikely people doing this are doing it to people that live down their street. Doubtful.
fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Re: Passwords...

Post by fuuucckkers »

ziekke wrote:xWastedMindx, I think you need to relax a little on the "Post Reply" button, as most of your posts make little or no sense. :roll:
They make perfect sense!! :roll: ...most of the time anyways. Sometimes I just ramble on, but I went back and reread this thread from almost a month ago, and it makes sense to me! :)
User avatar
Plasma2002b
Extreme Groupie
Extreme Groupie
Posts: 976
Joined: Thu Jul 18, 2002 11:36 pm
Location: Riverside, Ca
Contact:

Post by Plasma2002b »

SN=xxmrdreddxx
Encrypted pass= xUf/J+Rzd+D4jhBCxFnFKDZeh9qJITj43lt3+jPz5xI=



Heres a place for yall to get started...... now.... lets see if any of ya can decode that into a pass
Image

its teh infamous life of brian gaut to teh max0r!
User avatar
SNiiP3R
Addict
Addict
Posts: 62
Joined: Wed Sep 18, 2002 9:38 am
Contact:

Post by SNiiP3R »

AIM use MD5 Encryption , well most people call it *Encryption* but really its not. It's a Hash , which means there is no way to go back :)
fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Post by fuuucckkers »

I found it! HA!! HAHAHA!! 8)

Now only if anyone knows Perl, you can run this program and make it work. Unfortuantely this method only works for 4.x series.. or so it says.

http://www.unixwiz.net/tools/aimpass.html

Read that. :P

There's also a 'tool' you can download called Advanced IM Password Recovery.. by ElcomSoft. Same company that has pass recovery for .zip and .rar archiving as well.

http://www.elcomsoft.com/aimpr.html

I'm working with the app right now.. i'll report my findings.

Someone use that Perl program and make it work!!
fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Post by fuuucckkers »

Alright, my findings on the program Advanced IM Password Recovery.

I downloaded the newest version available, 1.50 and it unfortunately does not support AIM 4.8.2790 and I assume the 5.x series as well. I don't want to downgrade to figure out what's the lowest version of AIM it supports.
The only limitation of the trial version program is that you can't decode passwords longer than 3 characters.

Anyways, I did happen to find a crack for it, which then I installed Advanced IM PR version 1.21, with crack applied. It still didn't offer me any luck as the AIM version I have is still unsupported. (4.8.2790).

Although it is a very good program, as it was able to tell me my Yahoo Password, I would wait a bit longer for anything new for higher AIM versions to be supported. It's still a fairly new program by ElcomSoft. This cracked version I have now 1.21 is the first public release. Just give it some time and keep checking back on it and I'll report the progress if any in the future of this nice little tool. :P
User avatar
Master Jedi
Guru
Guru
Posts: 1161
Joined: Sat Jun 15, 2002 10:34 pm
Contact:

Post by Master Jedi »

aaii wrote:
Plasma2002b wrote:ehh.... true....
but i really dont think aim would leave this kinda thing around so users could exploit it. like said above, its probably an in-house thing they figured up themselves.... like somehow that only the encrypted can be decrypted using only one algorith that the aim server has......

if im not making sense , i dont doubt it. im not really all into password algorithms and decoding with them and the such.
It does very much depend on whether the client sends the password in its encoded form (as I stated ;)). If it does then my method is pretty meaningless. Perhaps it's time to fire up my packet sniffer and API hooker :lol:. Though, I really can't be arsed as I have no use for hacking passwords :)

I'm sure they have thought it through a lot more after what happened in the previous versions.
AIM passwords are only ENCRYPTED by the AIM software. When you change your password, it is encrypted and saved in the registry. When you log in, the encrypted version of the password you enter is compared to the encrypted version on the server. However...the encryption IS reversible or at least the old version was. Not too long ago, they changed the method of encrypting passwords because the old one was so easy to crack. I haven't managed an inverse for the new one...I'm beginning to think it's just a textual representation of an irreversible password hash.
User avatar
got mojo
Just Registered
Just Registered
Posts: 3
Joined: Tue Dec 03, 2002 11:33 pm
Location: PA, USA
Contact:

Post by got mojo »

I might sound like an idiot for saying this...I don't know anything about programming or encryption or anything like that...but if the password that needs hacking is on your own computer, you can always download a key logger.

*shrug*

~Kevin
"Why is it that we rejoice at a birth and grieve at a funeral? It is because we are not the person involved."
fuuucckkers
Moderator
Moderator
Posts: 815
Joined: Sun Sep 22, 2002 3:33 pm
Contact:

Post by fuuucckkers »

got mojo wrote:I might sound like an idiot for saying this...I don't know anything about programming or encryption or anything like that...but if the password that needs hacking is on your own computer, you can always download a key logger.
I've tried it before.. a few different apps actually. None of them seem to work properly. :-?
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests