Release Date  : 05th Sept 2000 Time 0020 hrs
Hacking Yahoo Mail Accounts & Intranet Proxy Passwords

Here is a simple method for getting the password of anyone who uses Yahoo Messenger.
We all know by now that Yahoo Messenger is a great tool for messaging. I like using it since it lets me keep in touch with my lips. It has good features such as integration with mail.yahoo.com, and it uses the same ID as the mail account to give users one-click access to the Yahoo mailbox. This is where the bug is: Yahoo caches the password of the Yahoo Mail account in the registry. If you do not understand the Windows Registry, I would advise you to skip this article and just understand that you can be hacked if you use Yahoo Messenger and have checked its save password option. For the rest, who understand the technical jargon, read on.

Breaking the Yahoo Mail Password
Once you have checked the save password option in the login box of Yahoo Messenger, it saves the password in the following registry location.
Registry Key :HKCU\Software\Yahoo\Pager\Alerts\Options String
I actually expected the stored value to be at least encrypted, but unluckily it was a base64-encoded string. So much for the security of the Yahoo password.
Sample Perl Program :

  
  use strict;
  use warnings;
  use MIME::Base64 ();
  my $pass = "ENCRYPTED PASSWORD"; # Value of the registry key goes here
  print "\nYahoo Mail Password :";
  # Base64 is an encoding, not encryption, so decoding needs no key
  print MIME::Base64::decode($pass);
  

Breaking Intranet Proxy and Mail Server Passwords
Hmm, so now we have the Yahoo Mail password thanks to its weak obscuring mechanism. Among cryptographers this would be a big laugh and a mockery of the value Yahoo places on your privacy. You would expect Yahoo Messenger not to have any other problems worth mentioning. I have just one more to mention: anyone can use it to compromise a corporate network's security if you use Yahoo Messenger from behind a firewall. Interesting, huh! Let me explain how. In a typical organizational setup, the password given for accessing the web proxy is normally the same as the one used for accessing the mail server, for various reasons. Yahoo Messenger caches the web proxy password in the following registry key, which is obviously encrypted. But unluckily this is a very childish algorithm.
Registry Key :HKCU\Software\Yahoo\Pager\Http Proxy Passwd
The algorithm is a trivial XOR operation with a number like 012345...n, where n is the length of the password. It is what I call a positional XOR, and I used it when I was in school writing programs in GWBASIC.
Sample Perl Program :

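  use strict;
  use warnings;
  print "\nIntranet Password :";
  my $pass = "ENCRYPTED PASSWORD"; # Value of the registry key goes here
  # Each character is XORed with its 1-based position; XOR is its own inverse
  for (my $i = 0; $i < length($pass); $i++) {
   my $xor = ord(substr($pass, $i, 1)) ^ ($i + 1);
   print chr($xor);
  }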
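
A defensive counterpart to the two decoders above, added here as an example and not part of the original advisory: a Python audit that scans a regedit export for the two values the article names and reports where a reversibly stored password is present, without printing it. Splitting each path into key and value name at the last backslash, the REGEDIT4 export format, and all sample data are assumptions of this example.

```python
import base64, binascii, re

# Locations named in the article. Treating the last path component as the
# value name is an assumption of this example.
WATCHED = {
    (r"hkey_current_user\software\yahoo\pager\alerts", "options string"): "base64",
    (r"hkey_current_user\software\yahoo\pager", "http proxy passwd"): "positional-xor",
}
STRING_VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"')

def audit_reg_export(text):
    """Return findings for reversibly stored credentials in a REGEDIT4 export."""
    findings, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = STRING_VALUE.fullmatch(line)
        if not m or key is None:
            continue
        # .reg string data escapes backslash and double quote with a backslash
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        scheme = WATCHED.get((key, name.lower()))
        if scheme is None or not data:
            continue
        if scheme == "base64":
            try:
                length = len(base64.b64decode(data, validate=True))
            except (binascii.Error, ValueError):
                continue  # not valid base64, so not the stored form described
        else:
            length = len(data)  # a per-character XOR preserves length
        # Report location and length only; the secret is never echoed.
        findings.append({"key": key, "value": name, "scheme": scheme, "secret_len": length})
    return findings

# Constructed sample export; "Version" is a made-up neighbouring value.
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Yahoo\Pager]
"Http Proxy Passwd"="dgqwav"
"Version"="1.0"

[HKEY_CURRENT_USER\Software\Yahoo\Pager\Alerts]
"Options String"="ZXhhbXBsZS1vbmx5"
'''

if __name__ == "__main__":
    print(*audit_reg_export(SAMPLE), sep="\n")
```

A finding means the save password option is in use on that profile; both stored forms reverse without any key, so the reported length is already the length of the real password.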

Contact me : lipsssss@mailcity.com