Well behind this hack there is a absence of person very special to me tonight. If she would have been online today I would have not attempted to break yahoo's mail passwords. She would have had kept me very busy chatting and i never would have had got any time to break the password. Before I start let me introduce myself. My name is of no importance i go by another handle and i for my egoistic reasons dont want to relate this hack to me or my handle this is to trivial. so people can refer to me as lips for now if u ever need to contact me. I dont think u should need that though.

I just dont have her to talk to so you can say my hands are empty and my mind is working. This is how it started . Sometime ago a friend of mine was fishing for some registry keys. He was learning about registry i was showing him some tricks and suddenly i saw the mention of a proxy passwd key .I saw the encrypted string , looking at it i thought to myself that is xored sequence string they are easily detectable. Well i forgot it and didnt try to resolve the mystery string till today. As I had lot of time today with me .

Breaking the Intranet Password
I xored the encrypted string with my intranet proxy password voila behold the secret key . just looking at the result i summed it up analyzing what the algo could have been .The problem with XOR operation is well known
t XOR k = e this implies t XOR e = k this
moreover the other problem is the input and the output length of the string always match making it predictable
I wont explain more details of why not to use such an approach. I guess the best reference i can give if anyone is intrested is www.counterpane.com or read Applied Cryptography by Bruce Schiener.

Breaking the Yahoo's Mail Password
Next I went for breaking yahoo's Mail ID password. I wanted to know where yahoo kept its Yahoo password. I thought since i didnt see it in the registry top level keys Yahoo would have had stored it as a cookie value. At least that would have been more smart and cryptic. I gave them the credit of being smart. I smashed my cookies file to see if that affected the Yahoo messenger. No luck !! wrong move. That meant the value is right there in registry . So I went around fishing in registry i realised something odd about the "options string".It looked to me like a base64 encoded string. I wrote the two lines in perl and ran it to see whats the output voila' it was my yahoo mail password. Well sounds simple but fishing in registry is dangerous for normal users please dont try it at home. Or ask someone how its done :)

Then i summed it all up here in this page. For all of you to read. I hope yahoo will look this report up

TO END THIS PAGE LET ME TELL YOU WRITING ALL THIS HAS NOT MADE ME MISS LIPS ANY LESS JUST MADE ME MORE SLEEPY..........