At any rate, a major crash here -- don't half-upgrade real old
ubuntu with new firefox, which caused me to have to learn some new
things, really cool.....
Here's how to recover any password showing on a firefox screen, but hidden by dots -- paste this into the address bar (instead of
the url in there) and hit enter... a popup comes up with the pword in plaintext.
- Code: Select all
javascript: var p=r();
function r(){var g=0;var x=false;var x=z(document.forms);g=g+1;var w=window.frames;for(var k=0;k<w.length;k++) {var x = ((x) || (z(w[k].document.forms)));g=g+1;}
if (!x) alert('Password not found in ' + g + ' forms');}
function z(f){var b=false;for(var i=0;i<f.length;i++) {var e=f[i].elements;
for(var j=0;j<e.length;j++) {if (h(e[j])) {b=true}}}return b;}function h(ej){var s='';if (ej.type=='password'){s=ej.value;
if (s!=''){prompt('Password found ', s)}else{alert('Password is blank')}return true;}}
Scary, eh? Java script in a URL and it works? I found this on the web somewhere, if someone knows where -- add a link to this thread.
Gaaaacccckkkkk! You may have to fool with the whitespace in here due to cutting pasting issues, I keep this in a .txt file here.
I quit learning fad languages before javascript came around.
So much for "security" in firefox.
/////
Type seahorse at a terminal and allow it access to your
keyring to get back things like email passwords from evolution
(this one has been a
real toughie in the past -- usually just have to reset them
over the phone) -- it's a gui, it's pretty obvious. You double
click on the entries, and when the new window comes up with details, click show password. Bingo.
If you have an old enough version not to have keyrings, you
find that often they have your pword encoded base 64 so you can say
something like
echo "aregfia;dovij/;lc" | base64 -d
But you have to know that a lot of these include a leading/trailing char
in the file that you have to wipe out from inside those
quotes, first....usually = signs or $ signs. You'll have to find the hidden file of course to get the encoded pword from.
Now, for the really hard one. gftp
See attached file...cc this and run a.out (or rename it to something
more memorable) and give it something like ~/.gftp/bookmarks as a command line arg.
C file attached below.
gftpdec.c
GftpDecode.out
In ~/bin ( you should always make a bin directory under your home and make sure it's on your path for little programs like this -- then you won't have to type their pathnames every time)
I bet having these in the bag of tricks makes someone a hero
at some point....as in next time one of my neighbors loses it.
Here's the C file for posterity:
- Code: Select all
/*
Copyright 2005,2006 Luigi Auriemma
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
http://www.gnu.org/licenses/gpl.txt
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifndef WIN32
#define stricmp strcasecmp
#define stristr strcasestr
#endif
#ifndef u_char
typedef unsigned char u_char;
#endif
#define VER "0.1.1"
void delimit(u_char *data);
void gftp_descramble(u_char *data);
void std_err(void);
int main(int argc, char *argv[]) {
FILE *fd;
u_char buff[4096],
*fname,
*p;
setbuf(stdout, NULL);
fputs("\n"
"Gftp bookmarks passwords decoder "VER"\n"
"by Luigi Auriemma\n"
"e-mail: aluigi@autistici.org\n"
"web: aluigi.org\n"
"\n", stdout);
if(argc < 2) {
printf("\n"
"Usage: %s <bookmarks>\n"
"\n"
"Example: ~/.gftp/bookmarks\n"
"\n", argv[0]);
fputs("\n press RETURN to exit\n", stdout);
fgetc(stdin);
exit(1);
}
fname = argv[1];
fd = fopen(fname, "rb");
if(!fd) std_err();
while(fgets(buff, sizeof(buff), fd)) {
delimit(buff);
if(buff[0] == '[') {
printf("\n");
continue;
}
p = strchr(buff, '=');
if(!p) continue;
*p++ = 0;
if(!stricmp(buff, "hostname")) {
printf(" hostname: %s\n", p);
} else if(!stricmp(buff, "username")) { // thanx Roberto Berto!!!
printf(" username: %s\n", p);
} if(!stricmp(buff, "password")) {
gftp_descramble(p);
printf(" password: %s\n", p);
}
}
fclose(fd);
fputs("\n press RETURN to exit\n", stdout);
fgetc(stdin);
return(0);
}
void delimit(u_char *data) {
for(; *data && (*data != '\r') && (*data != '\n'); data++);
*data = 0;
}
void gftp_descramble(u_char *data) {
u_char *in,
*out;
if(*data != '$') return;
for(in = data + 1, out = data; in[0] && in[1]; in += 2, out++) {
if((in[0] & 0xc3) != 0x41) break;
if((in[1] & 0xc3) != 0x41) break;
*out = ((in[0] & 0x3c) << 2) | ((in[1] & 0x3c) >> 2);
}
*out = 0;
}
void std_err(void) {
perror("\nError");
fputs("\n press RETURN to exit\n", stdout);
fgetc(stdin);
exit(1);
}