ITPub博客

首页 > Linux操作系统 > Linux操作系统 > Windows XP/2003 MSN Password Decrypter

Windows XP/2003 MSN Password Decrypter

原创 Linux操作系统 作者:coolwinds 时间:2005-09-06 10:15:48 0 删除 编辑
The information has been provided by ViPeR.
To keep updated with the tool visit the project's homepage at: http://www.infogreg.com/source-code/gpl/msn-messenger-password-decrypter-for-windows-xp-and-2003.html[@more@]

The following tool will decrypt the MSN password stored by the Windows operating system.

Tool Code:
/*
* MSN Messenger Password Decrypter for Windows XP & 2003
* (Compiled-VC++ 7.0, tested on WinXP SP2, MSN Messenger 7.0)
* - Gregory R. Panakkal
* http://www.crapware.tk/
* http://www.infogreg.com/
*/

#include
#include
#include

#pragma comment(lib, "Crypt32.lib")

//Following definitions taken from wincred.h
//[available only in Oct 2002 MS Platform SDK /
LCC-Win32 Includes]

typedef struct _CREDENTIAL_ATTRIBUTEA {
LPSTR Keyword;
DWORD Flags;
DWORD ValueSize;
LPBYTE Value;
}
CREDENTIAL_ATTRIBUTEA,*PCREDENTIAL_ATTRIBUTEA;

typedef struct _CREDENTIALA {
DWORD Flags;
DWORD Type;
LPSTR TargetName;
LPSTR Comment;
FILETIME LastWritten;
DWORD CredentialBlobSize;
LPBYTE CredentialBlob;
DWORD Persist;
DWORD AttributeCount;
PCREDENTIAL_ATTRIBUTEA Attributes;
LPSTR TargetAlias;
LPSTR UserName;
} CREDENTIALA,*PCREDENTIALA;

typedef CREDENTIALA CREDENTIAL;
typedef PCREDENTIALA PCREDENTIAL;

////////////////////////////////////////////////////////////////////

typedef BOOL (WINAPI *typeCredEnumerateA)(LPCTSTR,
DWORD, DWORD *, PCREDENTIALA **);
typedef BOOL (WINAPI *typeCredReadA)(LPCTSTR, DWORD,
DWORD, PCREDENTIALA *);
typedef VOID (WINAPI *typeCredFree)(PVOID);

typeCredEnumerateA pfCredEnumerateA;
typeCredReadA pfCredReadA;
typeCredFree pfCredFree;

////////////////////////////////////////////////////////////////////

void showBanner()
{
printf("MSN Messenger Password Decrypter for Windows XP/2003n");
printf(" - Gregory R. Panakkal, http://www.infogreg.com nn");
}

////////////////////////////////////////////////////////////////////
int main()
{
PCREDENTIAL *CredentialCollection = NULL;
DATA_BLOB blobCrypt, blobPlainText, blobEntropy;

//used for filling up blobEntropy
char szEntropyStringSeed[37] = "82BD0E67-9FEA-4748-8672-D5EFE5B779B0"; //credui.dll
short int EntropyData[37];
short int tmp;

HMODULE hDLL;
DWORD Count, i;

showBanner();

//Locate CredEnumerate, CredRead, CredFree from advapi32.dll
if( hDLL = LoadLibrary("advapi32.dll") )
{
pfCredEnumerateA =(typeCredEnumerateA)GetProcAddress(hDLL, "CredEnumerateA");
pfCredReadA = (typeCredReadA)GetProcAddress(hDLL, "CredReadA");
pfCredFree = (typeCredFree)GetProcAddress(hDLL, "CredFree");

if( pfCredEnumerateA == NULL|| pfCredReadA == NULL || pfCredFree == NULL )
{
printf("error!n");
return -1;
}
}

//Get an array of 'credential', satisfying the filter
pfCredEnumerateA("Passport.Net*", 0, &Count, &CredentialCollection);

if( Count ) //usually this value is only 1
{

//Calculate Entropy Data
for(i=0; i<37; i++) // strlen(szEntropyStringSeed) = 37
{
tmp = (short int)szEntropyStringSeed[i];
tmp <<= 2;
EntropyData[i] = tmp;
}

for(i=0; i {
blobEntropy.pbData = (BYTE *)&EntropyData;
blobEntropy.cbData = 74; //sizeof(EntropyData)

blobCrypt.pbData = CredentialCollection[i]->CredentialBlob;
blobCrypt.cbData = CredentialCollection[i]->CredentialBlobSize;

CryptUnprotectData(&blobCrypt, NULL, &blobEntropy, NULL, NULL, 1, &blobPlainText);

printf("Username : %sn", CredentialCollection[i]->UserName);
printf("Password : %lsnn", blobPlainText.pbData);
}
}

pfCredFree(CredentialCollection);
}

/* EoF */

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/83980/viewspace-805958/,如需转载,请注明出处,否则将追究法律责任。

上一篇: P2P Pro Command DoS
下一篇: CUPS Dot-Slash DoS
请登录后发表评论 登录
全部评论

注册时间:2012-10-23

  • 博文量
    253
  • 访问量
    950555