Save your *** in linux

How to make them do what you want, not to rant on about. Slashdot is better for rants anyway.

Post by Doug Coulter » Sat Jan 01, 2011 4:50 pm

Pword recovery in Linux
At any rate, a major crash here -- don't half-upgrade real old Ubuntu with new Firefox, which caused me to have to learn some new things, really cool.....

Here's how to recover any password showing on a Firefox screen, but hidden by dots -- paste this into the address bar (instead of the URL in there) and hit enter... a popup comes up with the pword in plaintext.

Code:
javascript: var p=r();
function r(){var g=0;var x=false;var x=z(document.forms);g=g+1;var w=window.frames;for(var k=0;k<w.length;k++) {var x = ((x) || (z(w[k].document.forms)));g=g+1;}
if (!x) alert('Password not found in ' + g + ' forms');}
function z(f){var b=false;for(var i=0;i<f.length;i++) {var e=f[i].elements;
for(var j=0;j<e.length;j++) {if (h(e[j])) {b=true}}}return b;}function h(ej){var s='';if (ej.type=='password'){s=ej.value;
if (s!=''){prompt('Password found ', s)}else{alert('Password is blank')}return true;}}


Scary, eh? JavaScript in a URL and it works? I found this on the web somewhere, if someone knows where -- add a link to this thread.
Gaaaacccckkkkk! You may have to fool with the whitespace in here due to cut-and-paste issues, I keep this in a .txt file here.
I quit learning fad languages before JavaScript came around.

So much for "security" in Firefox.

/////
Type seahorse at a terminal and allow it access to your keyring to get back things like email passwords from Evolution (this one has been a real toughie in the past -- usually just have to reset them over the phone) -- it's a GUI, it's pretty obvious. You double click on the entries, and when the new window comes up with details, click show password. Bingo.

If you have an old enough version not to have keyrings, you find that often they have your pword encoded base 64 so you can say something like

echo "aregfia;dovij/;lc" | base64 -d

But you have to know that a lot of these include a leading/trailing char in the file that you have to wipe out from inside those quotes, first....usually = signs or $ signs. You'll have to find the hidden file of course to get the encoded pword from.

Now, for the really hard one. gftp

See attached file...cc this and run a.out (or rename it to something more memorable) and give it something like ~/.gftp/bookmarks as a command line arg.

C file attached below.
gftpdec.c
GftpDecode.out

In ~/bin (you should always make a bin directory under your home and make sure it's on your path for little programs like this -- then you won't have to type their pathnames every time)

I bet having these in the bag of tricks makes someone a hero at some point....as in next time one of my neighbors loses it.
Here's the C file for posterity:

Code:
/*

    Copyright 2005,2006 Luigi Auriemma
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.



    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA
    http://www.gnu.org/licenses/gpl.txt

*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef WIN32
    #include <strings.h>            /* declares strcasecmp */
    #define stricmp strcasecmp
    #define stristr strcasestr
#endif

#ifndef u_char
    typedef unsigned char   u_char;
#endif
#define VER     "0.1.1"

void delimit(u_char *data);
void gftp_descramble(u_char *data);
void std_err(void);

int main(int argc, char *argv[]) {
    FILE    *fd;
    u_char  buff[4096],
            *fname,
            *p;

    setbuf(stdout, NULL);
    fputs("\n"
        "Gftp bookmarks passwords decoder "VER"\n"
        "by Luigi Auriemma\n"
        "e-mail: aluigi@autistici.org\n"
        "web:    aluigi.org\n"
        "\n", stdout);



    if(argc < 2) {
        printf("\n"
            "Usage: %s <bookmarks>\n"
            "\n"

            "Example: ~/.gftp/bookmarks\n"
            "\n", argv[0]);
        fputs("\n  press RETURN to exit\n", stdout);
        fgetc(stdin);
        exit(1);

    }



    fname = (u_char *)argv[1];
    fd = fopen((char *)fname, "rb");
    if(!fd) std_err();
    while(fgets((char *)buff, sizeof(buff), fd)) {
        delimit(buff);
        if(buff[0] == '[') {            /* start of a new bookmark section */
            printf("\n");
            continue;
        }
        p = (u_char *)strchr((char *)buff, '=');
        if(!p) continue;
        *p++ = 0;                       /* split "key=value" in place */
        if(!stricmp((char *)buff, "hostname")) {
            printf("  hostname: %s\n", p);
        } else if(!stricmp((char *)buff, "username")) { // thanx Roberto Berto!!!
            printf("  username: %s\n", p);
        } else if(!stricmp((char *)buff, "password")) {
            gftp_descramble(p);
            printf("  password: %s\n", p);
        }
    }

    fclose(fd);
    fputs("\n  press RETURN to exit\n", stdout);
    fgetc(stdin);
    return(0);

}

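/* Cut the line at the first CR or LF. */
void delimit(u_char *data) {
    for(; *data && (*data != '\r') && (*data != '\n'); data++);
    *data = 0;
}

/* Decode in place: after the leading '$', every two characters carry one
   byte, four bits each in the 0x3c positions. Stops at the first character
   that does not match the 0x41 filler pattern. */
void gftp_descramble(u_char *data) {
    u_char  *in,
            *out;
    if(*data != '$') return;
    for(in = data + 1, out = data; in[0] && in[1]; in += 2, out++) {
        if((in[0] & 0xc3) != 0x41) break;
        if((in[1] & 0xc3) != 0x41) break;
        *out = ((in[0] & 0x3c) << 2) | ((in[1] & 0x3c) >> 2);
    }
    *out = 0;
}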

void std_err(void) {
    perror("\nError");
    fputs("\n  press RETURN to exit\n", stdout);
    fgetc(stdin);
    exit(1);
}
Attachments
Saveass.txt
My original cheatsheet
Posting as just me, not as the forum owner. Everything I say is "in my opinion" and YMMV -- which should go for everyone without saying.
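
Added example, not part of the original post and not gftp's own code: a small audit helper that counts password= entries in bookmarks-style text whose value is only scrambled, without printing the value. The function names and the SAMPLE text are made up for the illustration; scramble() is derived by inverting the masks in gftp_descramble() above, and it takes no key.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample in the key=value layout the decoder above parses. */
static const char SAMPLE[] =
    "[site-a]\nhostname=ftp.example.org\nusername=alice\npassword=$YEYI\n"
    "[site-b]\nhostname=ftp.example.net\nusername=bob\npassword=\n";

/* Inverse of gftp_descramble(): one byte -> two chars, a nibble in each 0x3c. */
static int scramble(const char *pw, char *out, size_t outsz) {
    size_t o = 0;
    if (outsz < 2 * strlen(pw) + 2) return -1;   /* '$' + 2 per byte + NUL */
    out[o++] = '$';
    for (; *pw; pw++) {
        unsigned char b = (unsigned char)*pw;
        out[o++] = (char)(((b >> 2) & 0x3c) | 0x41);
        out[o++] = (char)(((b << 2) & 0x3c) | 0x41);
    }
    out[o] = 0;
    return 0;
}

/* 1 if v[0..n) is '$' plus a non-empty, even-length run of scrambled chars.
   Stricter than the decoder above, which accepts a valid prefix. */
static int is_reversible(const char *v, size_t n) {
    if (n < 3 || v[0] != '$' || (n - 1) % 2) return 0;
    for (size_t i = 1; i < n; i++)
        if (((unsigned char)v[i] & 0xc3) != 0x41) return 0;
    return 1;
}

/* Count password= lines holding a reversible value; the value is never shown. */
static int count_reversible(const char *text) {
    int hits = 0;
    while (*text) {
        size_t len = strcspn(text, "\r\n");
        if (len > 9 && !strncasecmp(text, "password=", 9))
            hits += is_reversible(text + 9, len - 9);
        text += len + strspn(text + len, "\r\n");
    }
    return hits;
}

int main(void) {
    char buf[16];
    if (scramble("ab", buf, sizeof(buf)) == 0)
        printf("\"ab\" -> %s, reversible entries: %d\n", buf, count_reversible(SAMPLE));
    return 0;
}
```

A non-zero count means the file should be treated as holding plaintext credentials: keep it readable only by its owner and out of backups and shared home directories.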

Re: Save your *** in linux

Post by William A Washburn » Sat Jan 01, 2011 7:23 pm

Gotta Linux boot CD that will boot into Windows, look at the registry, and ask you which password you want to change. Back five years or so somebody screwed up our main process-control server admin password then cycled the box. This is just a couple million lines of code that runs the whole cutting system. When the engineers saw the silent factory floor (nothing running) I got a call and used that little CD. Took less than 1/2 hour and they were back up.
Just makes me wonder about the security of Microsoft stuff and/or why we use it.

Re: Save your *** in linux

Post by Doug Coulter » Sat Jan 01, 2011 7:54 pm

I used to use Knoppix for that (and still keep a copy) but now the Ubuntu live version does the job at least as well (nothing special needed, just the regular install disk), and I'm more used to those tools, because that's what I use all day.

You mean they had passwords in the registry *unencrypted*? Gheesh. At least they are either encrypted or hashed in linux, everywhere -- no point having them otherwise. As with most security issues, it's a tradeoff. If you really lose the root pword in linux, you may as well copy all the home and public files and then reinstall it. You're not going to be able to de-hash it with any tool I know, though one of the crackers out there might get it eventually if you have some telnet kinda ports open (but I don't, that would be a security mistake as well).

But yes, using linux to do forensics on windows (or any other opsys) is the way to go, (but belongs in a windows thread). Could be lucky most cops don't know that.