Full Disclosure mailing list archives
Re: AIM saved password storing
From: Bort Vern <bortvern () gmail com>
Date: Tue, 16 Nov 2004 08:13:07 -0500
This is exactly the kind of shenanigans that worked on old AOL clients, haven't looked at it in about 5 or so years though. I wouldn't be surprised if you couldn't just export the registry for the AOL client, change the password, then export again and do a diff between the files to find the encoded password. However, I wouldn't install the AOL client long enough to try... On Mon, 15 Nov 2004 19:00:09 -0500, ntx0f <ntx0f () seteuid com> wrote:
Anyone ever check out the way AIM stores passwords? The hash is in the registry and reusable. I'm not sure there's a good way to save the passwords but by copying the hash and making the proper registry keys you can use the hash on any other computer. I had some code to do this that would retrieve the hash and put it in a registry file or just a text file it could read back but I dont feel like looking for it. Nothing too special just figured I'd bring it up as I haven't seen this done anywhere.
-- _____________________ Serablue Inc., Nonprofit http://www.serablue.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- AIM saved password storing ntx0f (Nov 15)
- Re: AIM saved password storing Bort Vern (Nov 16)
- Re: AIM saved password storing Ill will (Nov 16)
- Re: AIM saved password storing Bort Vern (Nov 16)