Cracking MS and Netscape Mail Pwds

Cracking Netscape and Microsoft Mail Passwords

Reported December 31, 1997 by the.avatar

Systems Affected

Systems running Netscape 3.01 Gold
Systems running Microsoft Internet Mail 4.70x

Description

Cracking the passwords for these mail clients is as easy as MIME63 decoding!

Demonstration:

NETSCAPE
The E-Mail password encryption of the "remembered password" is really weak. I"ve been able to crypt-analyse it in about 20 minutes. There is two method to break an password you"ve got: The Non-Coders one, and the
Coders one.

I tested this method only with my (oldie) Netscape Navigator 3.01Gold, but I"m sure it would work with NS2.0, even with 16bit versions. I"m still investigating for those possibilities.

!!! And for those who think Internet Explorer is safer !!!
!!! read the last section !!!

The password can be found in the registry at:
HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Mail\POP Password

About the encryption
--------------------
The encryption is done that way:
1. Pass the password through an XOR key;
2. MIME encode it.
To decode, you simply reverse the operation (really! ;)

Non-Coder Method
----------------
Material needed: -Netscape Navigator installed on your computer
-A port listener/dumper
-A password!

What to do: -Go in the registry. Set the POP Password to the password you want to hack.
-Always in the registry, set the POP Server to 127.0.0.1
(HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Services\POP_Server)
-Start your port listener/dumper on port 110 (POP3)
-Go in Netscape and click "Get Mail"
-Return to your listener. Once you"re connected, type "+ok" followed by enter until you"ve got "pass xxxxxxxx" (where xxxxxxx will be the decrypted pass!)

Coderz Method
-------------
Material needed:

-Your favorite programming language (I guess qbasic would do anyway.. ;)
-A MIME64 decoder
-A password!

What to do:

-Decode the password as a MIME64 string
-XOR the password with the MIME64 encoded string found at the end of this document.

And you"ve got you"re little password...

P.S.: The key at the end of the document must be "XOR 48" to be valid. I"ve got it entering a "0000000000000 ..." password and I"m too lazy to remove this mask.. ;) So the decryption routine would do something like:

for (c=0;pass\[c\] != "\0"; c++) pass\[c\] = pass\[c\] % netscapekey\[c\];

or

for c := 1 to length(pass) do pass\[c\] := char(byte(pass\[c\]) XOR netscapekey\[c\]);

What to do with that crap?
--------------------------
I"ve coded a prototype of "trojan portscanner" which sends me the password   of the user via E-Mail when he runs the program, and it work very well!  The possibilities are almost infinite! The majority of the EMail Accounts are Internet Accounts too, so imagine what bad hackers could do!

Microsoft? Safer?
-----------------
If you are a Microsoft addicted user, look at this. The hacking of a Microsoft Mail 4.70 Password is almost the samething as the netscape one, except anybody can do it with an MIME64 decoder!

Microsoft Mail stores the password like that:

HKEY_CURRENT_USER\Software\Microsoft\Internet Mail and News\Mail\POP3

There is a sub-key created in this path, with the name of the POP3 account. In example, if I put "localhost" as POP server, I"ll have:

HKEY_CURRENT_USER\Software\...\Mail\POP3\localhost

And in this path, we"ll have an entry named password. Save the value of this password to a file, then MIME64 decode it. You have your RAW password!!!

Microsoft engineers are laziest than Netscape ones. They don"t even encrypt passwords in the registry. People says: "Internet is secure". I say: "Internet will be unsecure for... a long time!"

"Enjoy the professionnal engineering, friends!"

-the.avatar

MIME64 ENCODED STRING:
------------------------------------------

Content-Type: text/plain; charset=US-ASCII; name=netscape.key
Content-transfer-encoding: base64

ZvnfequOanJHMnMoQAC5fIAa5n+lvcrHZ0uoOXNtMTpfcWVCfIqq4PddIyMx
7xuko93hnBhTQ1C0KSOBBmGErU/oSoxgpZASV0R9A0i+R5JQsPLDo+W0wkdM
ZdVLceNPSePXEWMKTOcmp68NKqJrzhvUjI+Fa8NNKqZJ7z1/nwK5gt+cVSaU
xDj2V5PGrTHJNG2pnbO8UGVBVp0OTt1AA3wot9lcEFSjdyZytoGq0xnpzjQy
Jw7PoJlZBuos3LYMUUsI9nVqjWXbSXXXmyCvr5N9Uwjlx8R8oWsRApdbZVMO
eHHO+9df+kmUImN1xsESDD4Jc/l6/VPrrlzX0VcDWq5coxY6mvwfJ8zzJ+kg
RLV2lG7VLolCw8/KCr0FsjG6hk+JdWqP5vbtFPwbF1N+9cvnHqNLjT1zgBZg
yXvrwbL0aoBhYXWQMEELvMTyppETlJIheDQU7sjitOr8bMKdeu/L8yYlwwt4
w4/OeHAuyjr13Ep32TTmW7J/qXECWj+xnGPJxFPBCd7nURRjmuOwCGJtzlyM
egiqeqMufAuCgfVOrIn/cxCLQ2ssMYORGavupzT2sxCAV5vi3gfVA7TFZnwP
9w5faDStSe6EhTynlbLnA41dhyks6SJ3D6MyFL7CR+cDDhV7Mz1ptdpk1jxc
00i2M88G8a4Jx+ttdDZ2kV2qhQdPiR2s917S5snOFbqVDIqU4gLMODKkfPGR
+NnYUTm03KWZ94G5pTfGbUbm410cjWxStENCN21lhlnlKQjnZ403kqmk/PYP
xAgRsH+T1K/uuqQm6rAohLlR0Lla7I8zIEDEhK69jGRuLffz+H47ON1yiSYg
Dh5QeXcckDwSulwR7zDy5IQfmnylvtj1YCN62jsyJqY4sv1H0LkGYFOszovg
BlFIOi5OdIFpJ/OliZd6O+OM1edJHOtFboc37s3oz4L4v+/hZ0JtCVtYsHpK
ICjFmOJUw3hq8YH2sBHvS7mXh88R3vBl9xDkaYOmIOhavUVYbDjL6jl5a7YD
jmWfw6JYTKPFNWut72/MKWLg86uDx8t1gIKcxcYla2JMtGlct5pdaAkAxaW3
pKYX97WrPdHRERLWQSbvJnT0GfSiPGs/l4FB6X6A1XBqVCR4qdERsuOLfBvH
Ntom7k3/inf+XlwooXmnBDYLVOl8U/8h8jx5ZWe96yLMfiVD3K+Mk4EBBFAu
PIqaQr/rNdxDv/l55vgSJ3kE1SIpAclN26WAs2XGGnl2i4RBww3cM44M8SfV
vpAhKscJMa9YeXdN+eY58KD+TiEDiXZv+y1Il8lOTVuAqM+gSob1T9Fsk8bL
uxl4Bk/GjXnmTKa5WPOm2X3imzCkfDFCOoxoINGsdQebNsqO1uhK2bIP1RVq
KAOlVF5DXT/hYUNw5AYoaN2B8ULcVFX0FWuP9cne4dE0rCO8ZmoLbzGOuYSj
wDTrdbl9DHS87h41a9+9Subt6yREvyrqcFUY3i0XWSn28Yaw3Sl+fMpYPG+q
4N4toCFhjYz220irTZ9BcWswMNLf83Qeax9QuJHBgDTNgReZNMJ4r5NCr9XI
jjLf1J0+KU4phoHU8z4A/GjfKrpsaH1b97I7esSrqgisz7CT1pbq8XyguLR0
oSYCDicNAPW4aDRW3B79i1bYO6QlfTn7rckYZ4vgOlRR5MIuxHTX8QhX6CBX
zEsHAOeqKaXjzEGN4BjTTA7oXhZkMosm0wQb+j4X35Vh7w/AJUsJd2GWhSbx
K4kuJ429cj//nLkcEE/AHWSO0nsOI3PKODGJD7YcsMDIGEJHlSJkriTD58tQ
f0gH3JcICtWZlXwpX7SQPLPeMLJMHUfedsHVzzaV1tucDxehtQJEj2uoTIXM
24NeyAMK87NwCnzxT+3ZLQY52QFcdVictAYwOzU+RN3tAHEvouaDqhzfk1nW
Q4+jEAGXMLxOVR+nnftJ1iH3lyze/83Fg7bGFdJC7k+Mu3aAy6gO5XTT+uHY
5u22S8+jOdFZTrTnH1ggB50FGzD6Vfb33gxTwzSJS/iUF9FBrD5vW1IiS4Ng
9kVW/Kh+PVcM4mG5DZsYJjYejzT5Fd4jIGMVHA8cYEG16Oc47FQpKJpeQpWx
y+xBEGjT9d4WUJ9QKbh0yuogP0f4CGtHbFiuFuN7ufU7nzA0Fo+TNs0oTLir
KwdcBhupz3XC+QeqYLj4SbKgEV3b0uOm+qKbsGOnv45BJEUnjID/LmUvnBtL
vlM/kCogxVYLW1Vp9KMXB8Dbsx0MwihzRJk+BR36n8x5Yn7oIfkv86vyCQis
2yDPYeCQkg20TNgh/+8SWPdgZTmJGMHIT3uOy09l1BkUYmN9rcI/MUwbkss4
fk4/qro9SfqE+sYF39B+mp3Xm/8n4yghH3XVxfjpvQsWDJHgzDZt0hItVH0B
1LLk9vKuSyPU9b6tgyFBgFTi+Pv0UGGiBsRCh4Q4Uvid6T9d+NOBfgx3lQMx
UgC3iw8Hcl2S43hYeofgCIwnovQJH4vWyOCv/fpsDC3XWUXOwDmtzqwikMcZ
J+NC+KqhLQRpA42q1tAphwrEDu35wzbnHIWra+epVaEufnEvY+KdFPVPLbX0
BnIyrpR8UbdLgtGnERSrZNoZ0al2ojmWkQkrmmGt6N2pGZGWvET71orsVVtj
uZeC2PSGtmsbUy0mnLShv73fauLE43mnzQIqU/3SKw69O8509jHPjTxdcaQD
d9/2NBqkmyeMYWOGYHT4eKRT/YzDewjEpLWdLbyu1OMG42yXiuxZZqDkC0Yl
0KvKgxVcqho20CxEj0Ihuavchu9Bje32wxsYE/18Dp+37/XOmCjb0cza0zbS
UwnGihbTpVwM1dbPMmXEp/LR75sGNByS4zhqwLobDWg/HYhcaj5zNlWYJUTf
3HX1Ar4Nyx6hiAku3GEsCKcLSOdSwobHSz5VdkL0bYKUT8xiODa6EZlwmMa9
r0xUK1wfxFk5X8GgseKIukIzaYMtQ3GWyOV6FE8LthPIMhve4uGW6pvsk+BR
94bybuVtuOeL57aGsHWPBpg1qozC9SS3W2t0rePHHz1rzTAwSRbaPo1xGpNA
jDHVf+CvD9o3RYHJgkclZmP4aQ/xcHoqpKVvy3lORgPvulY0DihUjflbHI2j
hm7z/8MQFTsQibyIhb/J2MTygzMf81YxorWbBCtr+3BaScFWGbGXUPkozfr/
wGmsv1M98BzT3I37/j7ihWvV5VyjkZcEsWvOSR6EBlJ1MMd8+31PfjLsCMoT
YFm6wUdZTBSTwsBSow9lxNDCh+Jl0vU1HOA8hCghoVVtTADhZw5Dq1txTohn
Ys1W0zX5niApw4Bq/gZ17+bNPFsFxGDNuQ9qvDq8RpsfIidQiZ5l0yZId2uE
//xJ3E3Sq7z3jgDbpOCsROFIc+2vVfaWa9YlbMgbamEaFbqUQn7gOTHQa4lv
7ukqjLZE8gmVuDcdtSMArckyQK39J4roGzUgDLQg/VM5+9xIdpZ0WElbUUgn
0CXAFdS5kaHgBOro5vrTpyM/Mzgn4DIPkQXARBbLVIzQJtO/P3VyXCQ7cvvA
ALZI9mGQR2uy/g0ruESUMxEpDb/IqoOgx1wgo8GRgENX6dEu23JKiQUn3MtZ
9y5LBTIgeKF54468wTeIz+wUWObx3IzBRmEdcD6+wb72GJOLsSHk+p6A8tCs
049eCiJwnDqnsOb92713P/DFnjGTibtyL8V2kaRapwmzfetlsoVM70j3Yilh
jJY7mD6h8nxzZqQWb+Dqe1fpbK6STXsDgvQTyj+TFGps3aR8e8MuORJvo8p2
AGK5orTzpKVgUx5ZkDdZ1dyJar7+YWfzCGfaezz3yWH7fDI1zJsqmHa7Ouv8
xeB8SpOy5i4cvIfkC6cH9IbGtQqT80vuRPj7+6CHeoQfVwqPcfzz3/57KcNn
658Xa7T/8BuLNGKiO7Gc2w6oyb/udErpbFu170oj2EKHef+oYt4WSRgvHKTw
g70Z37fRvhupREjJqe+1ZcZNeKRaaqSQ6opgcbKACtx2eHNeWm3MGuHHVUnW
i8cCt3XUymVoQIAhPfMswL5FHVs4+RvUB6alTGlER2NvvKm0JAR+kf2zeRsP
CG1Lv+8wy4eGFS6uNMZCZ7iPlhxs+3EDpIvJhRPv/D12UaBqsT4es4WvujBw
nsLxoBeLdWsd706kqms4yclkD5epm52qC/h1rsIe9FbxvB3m2hVpqHYXlZYs
gexoMPql7MYrQzKrPOBv3D4lbUOAFIkxHJ6GwyknKw6fujLQEukZC0B2unKS
+yF2Sl3QxbqLT+QjW4G/JfE/HdMPwPcfJuJMX43ZEHnEgoGXuadbZSvoV4ka
92ARtOpQd3sGLEL1VFHS6Zd2Qy99ASqiZyTAlN8yOPoINGhyMIxFcKKyAtiV
1Sa6YBEjw6l6P2I9WeXYbGt9GBtLHZznrbYKCtqjtnoF3G3WCTvBSJyg6Z5x
FLzOCWSgl9EjYS7Ge3j0q3mJFv7Nf2g14gClLACjkQvw6XHXDnD0IvV6el/V
p8IScZqNeL29DpVVostSpKbiopwYEmn0kpB5bvF+L2JhvNW49Ynuo/le0pND
1DxG9G6QqCUDejbGti/5sCnQ3bGqMVGoJ1lLjpIR7CLiSXug7SC/ngnl7aqE
1MVxzPlYiPQ+XzPq3IHVrJ/4r4b0PP1OHtzR9fCcY3N5rpuAd/SQlgHA2aSL
i8JcKFASRSG6mxjyULMOHj/yGuaUXPlcNct3PyMJ3d+Qz8x7jlTnZjNnUU8z
vFl/XeOmOZddiS0MtnInZ4XA6qaooohXsgxMbOFYmf27RNkOW+LGJsQqlo77
bdc0EDk1V0o/p1SGksvTQVoKJINhrU8my22dgnvWLOEzfafvtTq0ps2J4rIA
ahrWP2rBUgik3ojO8/AGrupHBU2XXs9fCcySKXi86w8Q8de0imZGNW/hGYxx
JQsKRGi8eit/HUHb1ju5jCpgy05wyfMIh3r8305k6Jg6wAPvWp38iytAEuld
y884m09vTDVpRLNbBO88gKL/QcO077i3Mx6uLIPuW9qBGOmmOsHBvfMhHRp/
ikNESESr7jesgTDSz9dN/R9Oec0Hm+dNH/7tsUoLTAvvK1QD6lOi6cpquaFQ
UlHgCS4esByDwh2K0yHPAFhPyDznBiyUd8UUZZGJti8nP50TjLWpYI83hTLk
cf1yGjz0OvSsMZ/OTPXv/SUUA5B5EU7BwR5BLoTcCvlI3Ly0ofpcAttT5u74
D/9vAI6UEcUpC3HsEKNOzAdErA3JYBAPMtUNr2RjtpId9Np9464cT2njP9Tq
UeZLDI8sDHgQs69zhh0VALK8p0cWcJ8uYs4Pbw85iq+mrK93gOyMhO1ODl7T
Q++DjVVeeRYiRq0XpGRhUytOiv/O5QbjXZN33idjNyZ41hh6HmlqbAFEiu8d
V9I4w6NLZGRpqcTiQe/nYeqo1wjLfRUoDgoo/xsYW8/a2n3Ox7zI9LKKgZ2k
10u0R795buzdmVvpjZ2Lw2sl/GHB0KR2kvW3gAcYLNHKSYNSex9T20frDQOI
Thl9ZjladgBSYQMlsdOyEyB/egbN8BzH3E4VK5FPeHSeU9GlCgBod6a2++7/
UHSC/ckhUgy4GQRt7Q75AMBOhA5NIfZv54PnQf9lCorOhiEcTnMoLB9lTdwD
Qc8/6R874TcCrZ0B9JAzt2uU561OrE4ZKlRd7FNTU7NhJ0HIUV3jS8HiB7zf
BuiAJhowHb0gECDfuftyR5gMb3L4DyNw28x3RPn8iySaoZ0kvsHnnwnA/XBk
GQ70j1NEfQmAZyzpKiMENdF4dmCo7j+nWqgx7SYppHFoLym3MUtkDkms6kd1
dnujpY9LSnrkcLWJECVC1XEUevCqERgeyq796aTOys/TnCK2UlrTAxW7Rkm6
+IPRP3PY1mwYrl4idXlOJ5sME5W2KeFariHip25QqoaiZXF8Y+93j4ka/zCW
dqjVAsOmhM+j5HHjyRLae6SN9v3Y3SGZCZ2TBELGsLLP3xv6hXnHg/zltnw2
AR2Smb3kUQYmUixnhJqKXRRgjstjXROHr1xqp7F7IEhwlsVDotGBlagiOFe1
4BAWuC5penQJ0juGlW9alvi7l3npi0wFXzaDtqNdsNTLRfBiXsV91PDgPjyN
fzsYavfr7W4AavKpL1XcW6OktXEVMdzEcPzGulrxSzXZmyT7OmbqG8KIoUt8
QJrGF6vxsyIDiqPoZevaooGvGxyMaZ3vxvBC1ifpnBaiyQ2V8KfpE/Jh0YC+
RA3TK5mnV8ch+XNW1sdRA8ymuaRkTIsiA3QV0W0TwGqcbduqKVVcwKi/woaU
CEjb999TNEdj5vEbh9iXGaPIT62gCAhWiQSo778QS0ZT9vhHAiPZqAH3cGzB
d1X+QOQwHKKR+vDlW8L4F4Ztrw+e0dT8jm7ofxjorBKSTrtujTBSEAUc+J0x
Cp7Maq4ahY7WNwPzOiLxLdeaIfjkwfQYyXzE0XCHK6n6ooAr4nKsTPRTvMIn
vRvl+oiw6k9s9blBH+/RRWDfCokbhVZqtqBo4a5tVY1SrTaCkD8L1vnsswgr
xC+c3iPzAgFEN5kjxFbZ7DWAFwMt39Jzw4KXt5l4TwK3QkV+Rwo6LP1/+k11
LGIumjLalGLfEkQqNbOwPJ59lsWh5e7ZlHD1LI8OYjG0JDhYSQHLrNKx8kLx
X5XK3lanFK+VIoVce+HOPz0hzyoLDX8Gia/sitl8Y+2gN4TONS0EE0yxiv7K
tvs//ZAHMRFrhGlrreRsCBpdjEDkp2xQ24ygwK9c/w/iLTeNR8no+JMxCR0J
wCfG4E/a/YU054hNkhfFDpvbsbhkFBGINOymHRNxmkW00zkE7z1vkTxH+gBF
WaS2XJiz7JaNeJROUB5OmtJAjPvlIGpTZLOcyBtJLolzRsCLdEaN9yvf799j
qyyelZXwfrkBPBy+Aa2TFUQM5UIKJk3pVT7eRt6TRoGxYLAUZfY8U5gMH4si
/VMOCeZIWSaXkHYDXFhtj58rWs8vzGMrjy5uOzw8XObpwyCD8exHvsFOo4n2
IDr7X3P0kcX/aBzdOyJBrWvxDqRJkzM4z76lWR1jAa9I5UPqUBDd5jp21xbF
QiiVO9ZGx3fC4w==

Microsoft"s Response:

Unknown at this time

To learn more about new NT security concerns, subscribe to NTSD.

Credit:
Reported by: the.avatar
Posted here at NTSecurity.Net February 15, 1997

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish