Jump to content
puskin

Hack Mozilla Firefox-Password Hooking

Recommended Posts

Sincer am vazut ca va certati pe baza acetui program asa ca m-am decis sa postez programul de aflat parola la mozzila facut in VB [nu e facut de mine]

Download : http://files.filefront.com/ffpassexe/;10384783;/fileinfo.html

Si ca sa nu aud ca e Virus/Troian/Keylogger raportul e aici

http://www.virustotal.com/ro/analisis/d48f052490adf243ab351bc589304f90

Si o poza

viewer.php?img=28074554483ce382adf28

Astept pareri despre program.

Link to comment
Share on other sites

Nu merge doar punand signon2.txt si key3.db impreuna in acelasi folder, fie el si cel cu firefox.

Ca sa mearga, descarcati de pe odc tot folderul <litere aleatorii>.defeault, salvati-l intr-un loc diferit de firefox, intrati pe passcape decrypter, selectati manual firefox, duceti-va in folderul descarcat pe share si selectati signon2.txt.

Nu tot timpul iti descrifreaza toate parolele, dar in marea majoritatea a cazurilor merge.

Link to comment
Share on other sites

Am facut eu unul pentru Windows XP. Daca va place, voi face propriul topic. Deocamdata accept sugestii. Sper sa va fie de folos.

-----------------------------------------

Cum sa aflii parolele oamenilor care folosesc Firefox (sau... de ce nu e bine sa-ti pui tot C:-ul la share :P )

Inainte de a incepe, aveti nevoie de urmatoarele lucruri:

Un creier complet cu un IQ peste 20 (nu stiu de unde se poate procura unul. daca nu aveti... asta e viata)

Un decodor de parole pentru Mozilla Firefox (Eu folosesc Passcape Password Recovery). LINK : http://rapidshare.com/files/117607356/MPR.rar.html (multumesc shinnok pentru postarea linkului).

Un program DC++ ( exemple fiind oDC : http://www.softpedia.com/get/Internet/File-Sharing/Operas-DC-oDC.shtml si StrongDC : http://www.strong-dc.ro/ )

-----------------------------------------------

In acest mic tutorial am sa va invat cum puteti afla parolele oamenilor care folosesc Mozilla Firefox.

In primul rand, va voi explica cum functioneaza aceasta metoda. Dupa cum stiti, cunoscutul browser Mozilla Firefox poate tine minte parolele pe care scrii pe anumite siteuri, in acest mod, scutindu-te de 'oboseala' de a retine parole si de a le tasta de fiecare data cand vreti sa va logati pe contul dumneavoastra.

Dar, ca orice lucru stocat, si aceste parole trebuie sa EXISTE undeva in calculatorul utilizatorului Firefox, ascunse si codate, evident. Si ce ati face daca va spun, ca unii din acesti utilizatori Firefox frecventeaza si huburile DC++ si au pus la share, fie din prostie sau din necesitatea unei mari cantitati de fisiere "share-uite", tot drive-ul C: din calculatorul lor. Ce nu stiu ei este ca, fara sa vrea, au dat la liber propriile lor parole de pe siteurile pe care umbla !

Acum o sa va explic o metoda foarte simpla prin care puteti afla aceste parole.

PARTEA I

In Prima Parte o sa explic cum ajungeti in posesia parolelor CODATE ale vicitmei.

--------------------------

1) Duceti-va in C:\Documents and Settings\<numele vostru>\Application Data\Mozilla\Firefox\Profiles\(nume aleatoriu).default\

-- > Daca nu gasiti 'Application Data' trebuie sa mergeti in Control Panel, la Folder Options si sa bifati ' Show hidden Files and Folders ' din categoria "View"

2) Vedeti acel fisier <nume aleatoriu>.defeault ? Fiecare calculator care foloseste Firefox are unul asemanator, si acolo se gasesc parolele codate pe care le cautam. Acuma, am putea rascoli DC++-ul, cautand nume si cifre la intamplare, sperand ca cineva are la share si folderele ascunse.

Dar exista o metoda mult mai simpla pe care o vom aplica.

Intrati in <nume aleatoriu>.defeault si observati doua fisiere importante. Signons2.txt si Key3.db. Aceste doua fisiere contin parolele de care aveti nevoie. O sa va explic cum puteti face rost de aceste fisiere de la altii din calculatoare.

3) Intrati pe clinetul vostru DC++ (in cazul meu oDC).

4) Intrati pe un hub.

---- > De preferabil, pentru rezultate favorabile, intrati pe un hub mare cu foarte multi utilizatori (sau, cum imi place mie sa ii numesc, victime ;) )

5) Faceti click pe "Search"

6) In casuta de cautare, scrieti numele fisierul in care se afla parolele codate : signons2.txt

7) Daca hubul este mare, este o sansa destul de ridicata sa gasiti multe din aceste fisiere. NU DESCARCATI DOAR ACEST FISIER.

8 ) Alegeti o victima din search (de preferabil o victima de la care descarcati repede (min 1 MB/s)

9) Faceti right-click pe fisierul signons2.txt al victimei si apoi dati "go to file"

-- > Alegeti, de preferinta, un fisier signons2.txt care sa aiba o dimensiune mare (3-4-5+ Kb). Fisierele mari contin parole mai multe ;)

10) O sa apara doua ecrane. In cel din dreapta, se afla toate fisierele continute in "<nume aleatoriu>.defeault" al persoanei respective. In dreapta se afla "arborele genealogic" al tuturor fisierelor din calculatorul victimei.

11) Duceti-va in ecranul din stanga, dati right click pe <nume aleatoriu>.defeault si descarcati-l in calc vostru.

12) Plasati <nume aleatoriu>.defeault in orice loc (nu trebuie sa aiba legatura cu locul unde tineti Mozill Firefox) si pregatiti-va pentru PARTEA II.

13) Felicitari ! Ati facut rost de parolele codate. Acum sa le decodam.

PARTEA II

In Partea a doua va voi explica cum sa decodati parolele aflate cu ajutorul unui program de recuperare a parolelor pentru Mozilla Firefox.

-------------------------

1) Am facut rost de un fisier <nume aleatoriu>.defeault, acum sa o decodam. Instalati (sau rulati daca aveti deja instalat) un program Mozilla Firefox Password recovery (daca vreti un program bun, vedeti inceputul tutorialului, am pus un link)

2) Intrati in acel program.

3) Bifati casuta "Manual Firefox - Manual password recovery" apoi dati next.

4) Casuta Firefox program folder ar trebui sa fie completata automat.

5) In casuta Firefox Password file name dati click pe browse (sau pe "..." in cazul passcape)

6) Mergeti in locul unde ati salvat "<nume aleatoriu>.defeault" al victimei

7) Intrati in el si faceti click pe "signons2.txt"

8 ) Apoi dati next si asteptati sa se decodeze parolele.

9) GATA ! Ar trebui sa va apara un ecran unde se afla siteurile pe care a umblat victima, cat si usernameurile si parolele folosite.

10 ) Distrati-va !

-------------------------------------

Sper ca v-a fost de ajutor.

Link to comment
Share on other sites

completari:

-nu folositi "alternate search" pe clientul odc!;

-asigurativa ca aveti fisierele signons2.txt si key3.db secmod.db cert8.db;

http://rapidshare.com/files/118257396/Mozilla.zip.html

si fisierele "care dau erroare"

http://rapidshare.com/files/118545162/Firefox.zip.html

34gsdx4.jpg

-asigurati-va ca secmod si cu key3 au aceeasi dimensiune;

-fisierul key3.db contine "parola master" si cheia pt. decriptare

(fiecare user are parola proprie si unica, la fel si cheia)

-passcape are un bug la decriptare pe o anumita versiune de moz.;

ca sa scapati de aceasta erroare slot initialization failure trebuie sa modificati fisierul incriptat pentru ultima versiune de moz,

sau sa aveti un decriptor mai bun:

ftpw5s.jpg

vedeti diferentele dintre cele 2 fisiere signons2.txt cel din stanga este cel care da erroare cel din dreapta este cel asociat fisierelor postate mai sus, si merge

o sa revin cu un tutorial pentru IE 4-6 si IE 7 in curand

am postat si la programare ceva interesant..:D

Link to comment
Share on other sites

ba fratilor nu mai ma bateti la cap pe PM sa va dau metoda de aflare a parolelor la IE gandtiti-va si voi si realizati una, nu asteptati sa va dau eu informatiile si apoi repede sa bagati sute de tutoriale

Am sa va dau un indiciu totusi sa nu ziceti ca sunt rau:

Hives

The Registry is split into a number of logical sections, or "hives".[3] Hives are generally named by their Windows API definitions, which all begin "HKEY". They are abbreviated to a three- or four-letter short name starting with "HK" (e.g. HKCU and HKLM).

The HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER nodes have a similar structure to each other; applications typically look up their settings by first checking for them in "HKEY_CURRENT_USER\Software\Vendor's name\Application's name\Version\Setting name", and if the setting is not found look instead in the same location under the HKEY_LOCAL_MACHINE key. When writing settings back, the reverse approach is used — HKEY_LOCAL_MACHINE is written first, but if that cannot be written to (which is usually the case if the logged-in user is not an administrator), the setting is stored in HKEY_CURRENT_USER instead.

[edit] HKEY_CLASSES_ROOT (HKCR)

Abbreviated HKCR, HKEY_CLASSES_ROOT stores information about registered applications, such as file associations and OLE Object Class IDs tying them to the applications used to handle these items. On Windows 2000 and above, HKCR is a compilation of HKCU\Software\Classes and HKLM\Software\Classes. If a given value exists in both of the subkeys above, the one in HKCU\Software\Classes is used.[4]

[edit] HKEY_CURRENT_USER (HKCU)

Abbreviated HKCU, HKEY_CURRENT_USER stores settings that are specific to the currently logged-in user. The HKCU key is a link to the subkey of HKEY_USERS that corresponds to the user; the same information is reflected in both locations. On Windows-NT based systems, each user's settings are stored in their own files called NTUSER.DAT and USRCLASS.DAT inside their own Documents and Settings subfolder (or their own Users subfolder in Windows Vista).

[edit] HKEY_LOCAL_MACHINE (HKLM)

Abbreviated HKLM, HKEY_LOCAL_MACHINE stores settings that are general to all users on the computer. On NT-based versions of Windows, HKLM contains four subkeys, SAM, SECURITY, SOFTWARE and SYSTEM,that are found within their respective files located in the %SystemRoot%\System32\Config folder. A fifth subkey, HARDWARE, is volatile and is created dynamically, and as such is not stored in a file. Information about system hardware drivers and services are located under the SYSTEM subkey, while the SOFTWARE subkey contains software and Windows settings.

[edit] HKEY_USERS (HKU)

Abbreviated HKU, HKEY_USERS contains subkeys corresponding to the HKEY_CURRENT_USER keys for each user profile actively loaded on the machine, though user hives are usually only loaded for currently logged-in users.

[edit] HKEY_CURRENT_CONFIG

Abbreviated HKCC, HKEY_CURRENT_CONFIG contains information gathered at runtime; information stored in this key is not permanently stored on disk, but rather regenerated at boot time.

[edit] HKEY_PERFORMANCE_DATA

This key provides runtime information into performance data provided by either the NT kernel itself or other programs that provide performance data. This key is not displayed in the Registry Editor, but it is visible through the registry functions in the Windows API.

[edit] HKEY_DYN_DATA

This key is used only on Windows 95, Windows 98 and Windows Me. [5] It contains information about hardware devices, including Plug-and-Play and network performance statistics. The information in this hive is also not stored on the hard drive. The Plug and Play information is gathered and configured at startup and is stored in memory. [6]

[edit] Symbolic Links

In Windows NT based systems Symbolic Links between registry keys are supported through REG_LINK value type. Registry links work similarly to file shortcuts or filesystem Symbolic links. As such they can span across different hives, however only those visible in Native API namespace, that is \Registry\Machine and \Registry\User. Other hives like HKEY_DYN_DATA are only virtual objects in Win32 API and thus not linkable. Links are used in Windows rather scarcely, only by CurrentControlSet and Hardware Profiles\Current.

Link to comment
Share on other sites

@Offtopic:Ce sa va zic,trebuia sa il citesc mai devreme acest topic,dar acuma tovarasu Number.49 a decodat indentitatea mea pe internet.

P.S: Parolele dumneavoastra nu au fost schimbate,va rog schimbati parolele imediat dupa ce ati vazut acest reply.

Va multumesc pentru intelegere!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...